Description
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.
Remediation
References
https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
https://github.com/mcollina/aedes/issues/212
https://github.com/mcollina/aedes/issues/211
Related Vulnerabilities
CVE-2018-7408 Vulnerability in maven package org.webjars:npm
CVE-2018-11012 Vulnerability in maven package cc.ryanc:halo
CVE-2022-39249 Vulnerability in npm package matrix-js-sdk
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge
CVE-2020-2140 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail