Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication and extension bypass in Faye
Vulnerability Description
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Faye 授权问题漏洞
Vulnerability Description
Faye是James Coglan软件开发者的一套开源的基于Bayeux协议的发布-订阅消息系统。该系统主要用于在Web客户端之间进行发布-订阅消息传递。 Faye中存在授权问题漏洞。攻击者可利用该漏洞绕过身份验证。以下产品及版本受到影响:Faye(node.js和ruby)0.5.0之后版本(1.0.4版本已修复),1.1.0及之后版本(1.1.3版本已修复),1.2.0及之后版本(1.2.5版本已修复)。
CVSS Information
N/A
Vulnerability Type
N/A