GMS-2020-749: Denial of Service in mqtt

September 1, 2020 (updated September 23, 2021)

Affected versions of mqtt will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition.

Recommendation

Update to v1.0.0 or later

References

github.com/advisories/GHSA-hg78-c92r-hvwr
github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js
nvd.nist.gov/vuln/detail/CVE-2016-1000242
snyk.io/vuln/npm:mqtt:20160817
www.npmjs.com/advisories/140

Code Behaviors & Features

Detect and mitigate GMS-2020-749 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →