Published: 07/02/2020 Updated: 07/03/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js
debian debian linux 10.0
opensuse leap 15.1
redhat software collections 1.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux server tus 8.2
redhat enterprise linux server aus 8.2
redhat enterprise linux 8.0
redhat enterprise linux server tus 8.4
redhat enterprise linux eus 8.4
redhat enterprise linux server aus 8.4
redhat enterprise linux server aus 8.6
redhat enterprise linux server tus 8.6
redhat enterprise linux eus 8.6
oracle graalvm 20.0.0
oracle graalvm 19.3.1
oracle communications cloud native core network function cloud native environment 1.4.0

Synopsis Important: nodejs:10 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Com ...

Synopsis Important: rh-nodejs12-nodejs security update Type/Severity Security Advisory: Important Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Important: rh-nodejs10-nodejs security update Type/Severity Security Advisory: Important Topic An update for rh-nodejs10-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Important: nodejs:10 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...

Synopsis Important: nodejs:12 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...

Multiple vulnerabilities were discovered in Nodejs, which could result in denial of service or HTTP request smuggling For the stable distribution (buster), these problems have been fixed in version 10190~dfsg1-1 We recommend that you upgrade your nodejs packages For the detailed security status of nodejs please refer to its security tracker p ...

CWE-295 https://nodejs.org/en/blog/release/v13.8.0/https://hackerone.com/reports/746733 https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/https://nodejs.org/en/blog/release/v10.19.0/https://nodejs.org/en/blog/release/v12.15.0/https://access.redhat.com/errata/RHSA-2020:0573 https://security.netapp.com/advisory/ntap-20200221-0004/https://access.redhat.com/errata/RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0602 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html https://security.gentoo.org/glsa/202003-48 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.debian.org/security/2020/dsa-4669 https://www.oracle.com//security-alerts/cpujul2021.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:0573 https://www.debian.org/security/2020/dsa-4669

CVE-2019-15604

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect