CVE-2018-3778
N/A
N/A
Summary
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | aedes | >=0.35.1 | affected |
Weaknesses
- CWE-285: Improper Authorization (CWE-285)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
- https://github.com/mcollina/aedes/issues/212
- https://github.com/mcollina/aedes/issues/211
References
- https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
- https://github.com/mcollina/aedes/issues/212
- https://github.com/mcollina/aedes/issues/211
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.