Description
Affected versions of mqtt will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition.
Recommendation
Update the mqtt package to the latest compatible version. Version details:
- Affected version(s): <= 0.3.13
- Patched version(s): 1.0.0
References
Related Issues
- Denial of Service and Content Injection in i18n-node-angular - CVE-2016-10524
- Denial of Service in mqtt (GHSA-h9mj-fghc-664w) - CVE-2017-10910
- Regular Expression Denial of Service in jadedown - CVE-2016-10520
- Regular Expression Denial of Service in moment (GHSA-87vv-r9j6-g5qv) - CVE-2016-4055
Tags: npm, mqtt
Last updated on January 09, 2023