Mqtt · Mqtt.Js · CVE-2017-10910
**Name of the Vulnerable Software and Affected Versions**
MQTT.js versions prior to 2.15.0
**Description**
The issue lies in the handling of PUBLISH packets and may allow an attacker to cause a denial-of-service condition. Affected versions of `mqtt` do not properly handle PUBLISH packets received from the server. However, if the client connects only to servers that are trusted and guaranteed not to be under the control of a malicious actor, the vulnerability is completely mitigated.
**Recommendations**
Update to version 2.15.0 or later. As a temporary workaround, consider restricting client connections to trusted MQTT servers only, to minimize the risk of exploitation.