PatchSiren

faye CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM faye CVE published 2026-07-17

CVE-2026-54490

CVE-2026-54490 is a denial of service vulnerability in websocket-driver, a WebSocket protocol handler with pluggable I/O. The issue occurs when using the permessage-deflate extension, allowing WebSocket servers or clients to accept messages larger than the configured maximum message size. This can lead to applications accepting larger messages than expected and exceeding their intended resource usage. Use [truncated]

CRITICAL faye CVE published 2026-07-17

CVE-2026-54466

CVE-2026-54466 is a critical vulnerability in websocket-driver, a WebSocket protocol handler with pluggable I/O. The issue allows an attacker to cause an infinite loop by sending a specially-crafted sequence of bytes, potentially leading to incorrect parsing of subsequent payloads. This vulnerability is fixed in version 0.7.5. Affected product deployments should be reviewed for exposure and updated to the [truncated]

MEDIUM faye CVE published 2026-07-17

CVE-2026-54465

CVE-2026-54465 is a denial of service vulnerability in websocket-driver. A peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This issue affects users of websocket-driver, especially those implementing WebSocket servers or clients. The vulnerability can lead to the receiving process running out of memory, pote [truncated]

MEDIUM faye CVE published 2026-07-17

CVE-2026-54464

CVE-2026-54464 is a vulnerability in the websocket-driver-ruby library. If this library is used with the `permessage-deflate` extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This issue has been patched in version 0.8.1. The vulnerability allows applications to accept larger messages than expected, potentially exceeding intend [truncated]

MEDIUM faye CVE published 2026-07-17

CVE-2026-54463

CVE-2026-54463 is a memory consumption vulnerability in websocket-driver, a WebSocket protocol handler with pluggable I/O. The issue allows an attacker to cause a WebSocket connection to consume an unbounded amount of memory, potentially leading to the host process running out of memory. This is due to a flaw in the handling of draft versions of the WebSocket protocol, which can result in an ever-growing [truncated]