Description
Affected versions of mqtt will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition.
Recommendation
Update the mqtt package to the latest compatible version. Followings are version details:
- Affected version(s): <= 0.3.13
- Patched version(s): 1.0.0
References
Related Issues
- Denial of Service in jquery - CVE-2016-10707
- gifplayer XSS vulnerability - CVE-2025-31128
- Prototype pollution in gsap - CVE-2020-28478
- pym.js CSRF Vulnerability - CVE-2018-1000086
- Tags:
- npm
- mqtt
Anything's wrong? Let us know Last updated on January 09, 2023