VYPR

npm package

mqtt

pkg:npm/mqtt

Vulnerabilities (2)

  • CVE-2016-1000242higSep 1, 2020
    affected < 1.0.0fixed 1.0.0

    Affected versions of `mqtt` will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition. ## Recommendation Update to v1.0.0 or later

  • CVE-2017-10910MedDec 28, 2017
    affected >= 2.0.0, < 2.15.0fixed 2.15.0

    MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.