Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for websocket-driver-ruby by faye

    CVE-2026-54465 (GCVE-0-2026-54465)

    Vulnerability from nvd – Published: 2026-07-17 20:06 – Updated: 2026-07-17 20:06
    VLAI
    Title
    websocket-driver: Memory exhaustion in HTTP header parser
    Summary
    websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "websocket-driver-ruby",
              "vendor": "faye",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T20:06:06.980Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-8j3g-f24p-4mpw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-8j3g-f24p-4mpw"
            },
            {
              "name": "https://github.com/faye/websocket-driver-ruby/commit/17b569f232896e71d458404ccf4854f80e987710",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/commit/17b569f232896e71d458404ccf4854f80e987710"
            }
          ],
          "source": {
            "advisory": "GHSA-8j3g-f24p-4mpw",
            "discovery": "UNKNOWN"
          },
          "title": "websocket-driver: Memory exhaustion in HTTP header parser"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54465",
        "datePublished": "2026-07-17T20:06:06.980Z",
        "dateReserved": "2026-06-15T15:30:40.319Z",
        "dateUpdated": "2026-07-17T20:06:06.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54464 (GCVE-0-2026-54464)

    Vulnerability from nvd – Published: 2026-07-17 20:03 – Updated: 2026-07-17 20:03
    VLAI
    Title
    websocket-driver: Resource limit bypass via message compression
    Summary
    ### Impact If this library is used in tandem with the `permessage-deflate` extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the size of the compressed data, not the size after decompression. This can lead to applications accepting larger messages than expected and exceeding their intended resource usage. ### Patches The issue has been patched in version 0.8.1, by checking the length of messages after they are processed by incoming extensions. All users should upgrade to this version. ### Workarounds No known workarounds exist. ### Acknowledgements This issue was discovered and reported by Pranjali Thakur, DepthFirst Security Research Team.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "websocket-driver-ruby",
              "vendor": "faye",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "### Impact\n\nIf this library is used in tandem with the `permessage-deflate` extension, a\nWebSocket server or client can be made to accept messages that are larger than\nthe configured maximum message size. This is because this limit is checked\nagainst the message frames\u0027 length headers, which give the size of the\ncompressed data, not the size after decompression. This can lead to applications\naccepting larger messages than expected and exceeding their intended resource\nusage.\n\n### Patches\n\nThe issue has been patched in version 0.8.1, by checking the length of messages\nafter they are processed by incoming extensions. All users should upgrade to\nthis version.\n\n### Workarounds\n\nNo known workarounds exist.\n\n### Acknowledgements\n\nThis issue was discovered and reported by Pranjali Thakur, DepthFirst Security\nResearch Team."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T20:03:36.326Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-33ph-fccm-39pj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-33ph-fccm-39pj"
            },
            {
              "name": "https://github.com/faye/websocket-driver-ruby/commit/fa8641724f10bf3273585f1dcf9041f540bbd036",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/commit/fa8641724f10bf3273585f1dcf9041f540bbd036"
            }
          ],
          "source": {
            "advisory": "GHSA-33ph-fccm-39pj",
            "discovery": "UNKNOWN"
          },
          "title": "websocket-driver: Resource limit bypass via message compression"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54464",
        "datePublished": "2026-07-17T20:03:36.326Z",
        "dateReserved": "2026-06-15T15:30:40.319Z",
        "dateUpdated": "2026-07-17T20:03:36.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54463 (GCVE-0-2026-54463)

    Vulnerability from nvd – Published: 2026-07-17 20:05 – Updated: 2026-07-17 20:05
    VLAI
    Title
    websocket-driver: Memory exhaustion via abuse of protocol length headers
    Summary
    websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "websocket-driver-ruby",
              "vendor": "faye",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T20:05:17.888Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-ghhp-3qvg-889p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-ghhp-3qvg-889p"
            },
            {
              "name": "https://github.com/faye/websocket-driver-ruby/commit/d0141f041f6e3677a951255d547a313e732ccbe0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/commit/d0141f041f6e3677a951255d547a313e732ccbe0"
            }
          ],
          "source": {
            "advisory": "GHSA-ghhp-3qvg-889p",
            "discovery": "UNKNOWN"
          },
          "title": "websocket-driver: Memory exhaustion via abuse of protocol length headers"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54463",
        "datePublished": "2026-07-17T20:05:17.888Z",
        "dateReserved": "2026-06-15T15:30:40.319Z",
        "dateUpdated": "2026-07-17T20:05:17.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54465 (GCVE-0-2026-54465)

    Vulnerability from cvelistv5 – Published: 2026-07-17 20:06 – Updated: 2026-07-17 20:06
    VLAI
    Title
    websocket-driver: Memory exhaustion in HTTP header parser
    Summary
    websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "websocket-driver-ruby",
              "vendor": "faye",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T20:06:06.980Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-8j3g-f24p-4mpw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-8j3g-f24p-4mpw"
            },
            {
              "name": "https://github.com/faye/websocket-driver-ruby/commit/17b569f232896e71d458404ccf4854f80e987710",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/commit/17b569f232896e71d458404ccf4854f80e987710"
            }
          ],
          "source": {
            "advisory": "GHSA-8j3g-f24p-4mpw",
            "discovery": "UNKNOWN"
          },
          "title": "websocket-driver: Memory exhaustion in HTTP header parser"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54465",
        "datePublished": "2026-07-17T20:06:06.980Z",
        "dateReserved": "2026-06-15T15:30:40.319Z",
        "dateUpdated": "2026-07-17T20:06:06.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54463 (GCVE-0-2026-54463)

    Vulnerability from cvelistv5 – Published: 2026-07-17 20:05 – Updated: 2026-07-17 20:05
    VLAI
    Title
    websocket-driver: Memory exhaustion via abuse of protocol length headers
    Summary
    websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "websocket-driver-ruby",
              "vendor": "faye",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T20:05:17.888Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-ghhp-3qvg-889p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-ghhp-3qvg-889p"
            },
            {
              "name": "https://github.com/faye/websocket-driver-ruby/commit/d0141f041f6e3677a951255d547a313e732ccbe0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/commit/d0141f041f6e3677a951255d547a313e732ccbe0"
            }
          ],
          "source": {
            "advisory": "GHSA-ghhp-3qvg-889p",
            "discovery": "UNKNOWN"
          },
          "title": "websocket-driver: Memory exhaustion via abuse of protocol length headers"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54463",
        "datePublished": "2026-07-17T20:05:17.888Z",
        "dateReserved": "2026-06-15T15:30:40.319Z",
        "dateUpdated": "2026-07-17T20:05:17.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54464 (GCVE-0-2026-54464)

    Vulnerability from cvelistv5 – Published: 2026-07-17 20:03 – Updated: 2026-07-17 20:03
    VLAI
    Title
    websocket-driver: Resource limit bypass via message compression
    Summary
    ### Impact If this library is used in tandem with the `permessage-deflate` extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the size of the compressed data, not the size after decompression. This can lead to applications accepting larger messages than expected and exceeding their intended resource usage. ### Patches The issue has been patched in version 0.8.1, by checking the length of messages after they are processed by incoming extensions. All users should upgrade to this version. ### Workarounds No known workarounds exist. ### Acknowledgements This issue was discovered and reported by Pranjali Thakur, DepthFirst Security Research Team.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "websocket-driver-ruby",
              "vendor": "faye",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "### Impact\n\nIf this library is used in tandem with the `permessage-deflate` extension, a\nWebSocket server or client can be made to accept messages that are larger than\nthe configured maximum message size. This is because this limit is checked\nagainst the message frames\u0027 length headers, which give the size of the\ncompressed data, not the size after decompression. This can lead to applications\naccepting larger messages than expected and exceeding their intended resource\nusage.\n\n### Patches\n\nThe issue has been patched in version 0.8.1, by checking the length of messages\nafter they are processed by incoming extensions. All users should upgrade to\nthis version.\n\n### Workarounds\n\nNo known workarounds exist.\n\n### Acknowledgements\n\nThis issue was discovered and reported by Pranjali Thakur, DepthFirst Security\nResearch Team."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T20:03:36.326Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-33ph-fccm-39pj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-33ph-fccm-39pj"
            },
            {
              "name": "https://github.com/faye/websocket-driver-ruby/commit/fa8641724f10bf3273585f1dcf9041f540bbd036",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/faye/websocket-driver-ruby/commit/fa8641724f10bf3273585f1dcf9041f540bbd036"
            }
          ],
          "source": {
            "advisory": "GHSA-33ph-fccm-39pj",
            "discovery": "UNKNOWN"
          },
          "title": "websocket-driver: Resource limit bypass via message compression"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54464",
        "datePublished": "2026-07-17T20:03:36.326Z",
        "dateReserved": "2026-06-15T15:30:40.319Z",
        "dateUpdated": "2026-07-17T20:03:36.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }