{"id":"CVE-2017-10910","details":"MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.","aliases":["GHSA-h9mj-fghc-664w"],"modified":"2026-04-01T23:59:16.328792Z","published":"2017-12-28T02:29:03.427Z","references":[{"type":"ADVISORY","url":"https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN45494523/index.html"},{"type":"FIX","url":"https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mqttjs/mqtt.js","events":[{"introduced":"eb1ce59c4507fb5c0b969e0b45c100b55b075542"},{"fixed":"941f3ebe6fb0b633ce3382f2d0f3660bb4d9915e"},{"fixed":"403ba53b838f2d319a0c0505a045fe00239e9923"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.15.0"}]}}],"versions":["v2.0.0","v2.0.1","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.10.0","v2.11.0","v2.12.0","v2.12.1","v2.13.0","v2.13.1","v2.14.0","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.4.0","v2.5.0","v2.5.1","v2.5.2","v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.2","v2.8.0","v2.8.1","v2.8.2","v2.9.0","v2.9.1","v2.9.2","v2.9.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-10910.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}