Description
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.
Remediation
References
https://github.com/mcollina/aedes/issues/211
https://github.com/mcollina/aedes/issues/212
https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
Related Vulnerabilities
CVE-2020-28458 Vulnerability in maven package org.webjars.bower:datatables.net
CVE-2020-6452 Vulnerability in npm package electron
CVE-2023-34092 Vulnerability in npm package vite
CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core