GHSA-gh78-48h3-frjq

Опубликовано: 06 мая 2021

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Improper exception handling in Aedes

An issue was discovered in MoscaJS Aedes 0.42.0 and fixed in 0.42.1. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-13410
https://github.com/moscajs/aedes/pull/493
https://github.com/moscajs/aedes/commit/8d34ee5819cfc983d57e49b45d8c5ef70a76d79b
https://payatu.com/advisory/dos-in-aedes-mqtt-broker

Пакеты

Наименование

aedes

npm

Затронутые версииВерсия исправления

< 0.42.1

0.42.1

EPSS

Процентиль: 67%

0.00537

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-13410

Дефекты

CWE-755

Связанные уязвимости

CVE-2020-13410

CVSS3: 7.5

nvd

больше 5 лет назад

An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.

EPSS

Процентиль: 67%

0.00537

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-13410

Дефекты

CWE-755