Medium severity6.5NVD Advisory· Published Dec 28, 2017· Updated Jun 17, 2026
CVE-2017-10910
CVE-2017-10910
Description
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mqttnpm | >= 2.0.0, < 2.15.0 | 2.15.0 |
Affected products
3- cpe:2.3:a:mqtt.js_project:mqtt.js:*:*:*:*:*:node.js:*:*Range: >=2.0.0,<2.15.0
- MQTT.js./MQTT.jsv5Range: 2.x.x prior to 2.15.0
Patches
Vulnerability mechanics
References
7- github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-h9mj-fghc-664wghsaADVISORY
- github.com/mqttjs/MQTT.js/releases/tag/v2.15.0nvdRelease NotesThird Party AdvisoryWEB
- jvn.jp/en/jp/JVN45494523/index.htmlnvdThird Party AdvisoryVDB EntryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-10910ghsaADVISORY
- github.com/nodejs/security-wg/blob/master/vuln/npm/357.jsonghsaWEB
- www.npmjs.com/advisories/555ghsaWEB
News mentions
0No linked articles in our index yet.