CVE-2018-3778 — Improper Authorization in aedes

Description

Versions of `aedes` before 0.35.1 does not respect its own authorization rules when a client sets a `Last Will`. ## Recommendation Update to version 0.35.1 or later.

How to fix CVE-2018-3778

To remediate CVE-2018-3778, upgrade the affected package to a fixed version below.

npm/aedes—upgrade to 0.35.1 or later

Is CVE-2018-3778 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 0.35.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-3778
PATCHgithub.com/moscajs/aedes
WEBgithub.com/moscajs/aedes/commit/ffbc1702bb24b596afbb96407cc6db234a4044a8
WEBgithub.com/moscajs/aedes/issues/211
WEB