Emqx ≫ Emqx

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptab...

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.

EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given us...