exploitDog

CVE-2018-3778

Опубликовано: 08 авг. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

Ссылки

https://github.com/mcollina/aedes/issues/211
Issue Tracking
Patch
Third Party Advisory
https://github.com/mcollina/aedes/issues/212
Issue Tracking
Third Party Advisory
https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
Third Party Advisory
https://github.com/mcollina/aedes/issues/211
Issue Tracking
Patch
Third Party Advisory
https://github.com/mcollina/aedes/issues/212
Issue Tracking
Third Party Advisory
https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aedes_project:aedes:*:*:*:*:*:*:*:*

Версия до 0.35.0 (исключая)

EPSS

Процентиль: 56%

0.00332

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-285

CWE-863

Связанные уязвимости

GHSA-4cmx-hrq9-c23p

CVSS3: 5.3

github

больше 7 лет назад

Improper Authorization in aedes

EPSS

Процентиль: 56%

0.00332

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-285

CWE-863