VYPR

Mqtt.js

by Mqtt.js Project

CVEs (2)

  • CVE-2016-1000242higSep 1, 2020
    risk 0.45cvss epss 0.03

    Affected versions of `mqtt` will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition. ## Recommendation Update to v1.0.0 or later

  • CVE-2017-10910MedDec 28, 2017
    risk 0.35cvss 6.5epss 0.02

    MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.