npm package
mqtt
pkg:npm/mqtt
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1000242 | hig | — | < 1.0.0 | 1.0.0 | Sep 1, 2020 | Affected versions of `mqtt` will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition. ## Recommendation Update to v1.0.0 or later | |
| CVE-2017-10910 | Med | 6.5 | >= 2.0.0, < 2.15.0 | 2.15.0 | Dec 28, 2017 | MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. |
- affected < 1.0.0fixed 1.0.0
Affected versions of `mqtt` will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition. ## Recommendation Update to v1.0.0 or later
- affected >= 2.0.0, < 2.15.0fixed 2.15.0
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.