CVE-2020-11020: Improper Authentication

April 29, 2020 (updated May 6, 2020)

Faye is vulnerable to an authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel.

References

nvd.nist.gov/vuln/detail/CVE-2020-11020

Code Behaviors & Features

Detect and mitigate CVE-2020-11020 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →