Description
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.
Remediation
References
https://github.com/mcollina/aedes/issues/211
https://github.com/mcollina/aedes/issues/212
https://github.com/nodejs/security-wg/blob/master/vuln/npm/457.json
Related Vulnerabilities
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets
CVE-2020-23811 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2022-36090 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-0086 Vulnerability in npm package uppy
CVE-2023-1370 Vulnerability in maven package net.minidev:json-smart