MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.
[
{
"product": "mqtt-packet node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<3.4.6 || > 4.0.0 <4.0.5"
}
]
}
]