GMS-2015-10: Auth delegation trough crafted socket ID

May 11, 2015

It’s possible for an attacker to circumvent authentication by crafting special socket ID.

References

github.com/pusher/pusher-http-ruby/blob/master/CHANGELOG.md
github.com/pusher/pusher-http-ruby/commit/c9fb93a0d9c1423da7bf9b7e846b3617a21975c7

Code Behaviors & Features

Detect and mitigate GMS-2015-10 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →