CVE-2021-34434 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Access restriction bypass |
| Description | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2332 | mosquitto | 2.0.11-1 | 2.0.12-1 | Medium | Fixed |
| References |
|---|
https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/638 https://github.com/eclipse/mosquitto/commit/32af599c81e63fa38e834b8f1c1f108c49328e95 |