CVE-2018-3778

CVE-2018-3778

EPSS 1.4%CWE-285

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

Affected products

HackerOne · aedes

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mcollina/aedes/issues/211 https://github.com/mcollina/aedes/issues/212 https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json