The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ejabberd(Hex) | 0 | 2.1.9 | N/A |
| ejabberd(Hex) | 3.0.0-alpha-1 | 3.0.0-alpha-4 | N/A |
CVSS Metrics
