Description
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.
Remediation
References
https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
https://github.com/mcollina/aedes/issues/212
https://github.com/mcollina/aedes/issues/211
Related Vulnerabilities
CVE-2018-3751 Vulnerability in npm package merge-recursive
CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:preflight-app
CVE-2017-3161 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs
CVE-2020-15366 Vulnerability in maven package org.webjars.bowergithub.epoberezkin:ajv
CVE-2017-9096 Vulnerability in maven package com.itextpdf:kernel