PT-2017-11602 · Mqtt · Mqtt.Js

Author: Bintatsu Noda
Published: 2017-12-27
Updated: 2019-10-03
CVE-2017-10910
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: MQTT.js versions prior to 2.15.0
Description: The issue lies in the handling of PUBLISH packets and may allow an attacker to cause a denial-of-service condition. It occurs because affected versions of mqtt do not properly handle PUBLISH packets received from the server. If the only servers the client connects to are trusted and guaranteed not to be under the control of a malicious actor, the vulnerability is fully mitigated.
Recommendations: Update to version 2.15.0 or later. As a temporary workaround, restrict connections to untrusted MQTT servers to minimize the risk of exploitation.

Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

CVE-2017-10910
GHSA-H9MJ-FGHC-664W

Affected Products

Mqtt.Js