The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. Users unable to upgrade should avoid exposing their development server to the internet.Ī use-after-free vulnerability exists in NanoMQ 0.17.2. A patch has been introduced in and which mitigates the issue. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `-host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. Any file in scope of the development server could potentially be exposed. ![]() The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `_file-code-frame` and `_original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Gatsby is a free and open source framework based on React. NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |