Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-COCOAPODS-MOSQUITTO-1932559
- published 29 Nov 2021
- disclosed 29 Nov 2021
- credit Unknown
How to fix?
Mosquitto to version 2.0.12 or higher.
Mosquitto is an open source implementation of a server for version 3.1 and 3.1.1 of the MQTT protocol.
Affected versions of this package are vulnerable to Improper Authorization. When using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.