VYPR
Moderate severityNVD Advisory· Published Feb 18, 2012· Updated Jun 16, 2026

CVE-2011-4320

CVE-2011-4320

Description

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ejabberdHex
< 2.1.92.1.9
ejabberdHex
>= 3.0.0-alpha-1, < 3.0.0-alpha-43.0.0-alpha-4

Affected products

3
  • cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:process-one:ejabberd:3.0.0:alpha3:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.1.9

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.