Denial of Service (DoS)

Affecting mqtt package, versions >=2.0.0 <2.15.0

medium severity

Overview

mqtt is a client library for the MQTT protocol, written in JavaScript for node.js and the browser.

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. An issue in how MQTT.js 2.x.x prior to 2.15.0 handles PUBLISH packets may allow an attacker to cause a denial-of-service condition.
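
As an added example (not part of the advisory or of the mqtt project), the following JavaScript checks a parsed package-lock.json for installed copies of mqtt in the affected range >=2.0.0 <2.15.0, including copies nested under other dependencies. The sample lockfile and the package name iot-bridge are constructed for illustration, and pre-release tags are ignored when comparing versions.

```javascript
// Added example: find installed copies of mqtt in the advisory's affected
// range (>=2.0.0 <2.15.0) inside a parsed package-lock.json object.

// True when the version's numeric MAJOR.MINOR.PATCH is >=2.0.0 and <2.15.0.
// Assumption: pre-release suffixes are ignored; non-semver values (git URLs,
// missing versions) never match.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m !== null && Number(m[1]) === 2 && Number(m[2]) < 15;
}

// Returns [{ path, version }] for every affected copy of mqtt.
function findAffectedMqtt(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/mqtt$/.test(path) && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "mqtt" && isAffected(meta.version)) {
        hits.push({ path: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/mqtt": { version: "2.18.8" },
    "node_modules/iot-bridge/node_modules/mqtt": { version: "2.14.0" },
    "node_modules/mqtt-packet": { version: "5.4.0" },
  },
};
console.log(findAffectedMqtt(sampleLock));
```

To check a real project, pass the result of parsing its package-lock.json with JSON.parse to findAffectedMqtt.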

Credit: Masataka Sakaguchi, Bintatsu Noda, Hisashi Kojima
CVE: CVE-2017-10910
Snyk ID: npm:mqtt:20171225
Disclosed: 25 Dec, 2017
Published: 03 Jan, 2018