The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ejabberd | Process-one | 3.0.0 | 3.0.0 |
Ejabberd | Process-one | 2.1.8 | 2.1.8 |