WebSocket Driver Library Vulnerability Affecting Faye's Ruby Implementation
CVE-2026-54464
6.3MEDIUM
What is CVE-2026-54464?
A vulnerability in the Faye WebSocket driver for Ruby allows servers or clients to process messages exceeding the configured maximum size. When used with the permessage-deflate extension, the length check on message frames uses compressed data sizes. This oversight can lead to resource exhaustion as applications may accept larger messages than intended. Users are strongly urged to upgrade to version 0.8.1, where this issue has been addressed with checks for message lengths post-decompression. Currently, no known workarounds exist.
Affected Version(s)
websocket-driver-ruby < 0.8.1
