Debian Bug report logs -
#977467
CVE-2019-15605
Package:
src:http-parser;
Maintainer for src:http-parser is Christoph Biedl <debianaxhn@manchmalin-ulmde>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Tue, 15 Dec 2020 12:21:04 UTC
Severity: grave
Tags: security
Found in version http-parser/292-2
Fixed ...
Multiple vulnerabilities were discovered in Nodejs, which could result in
denial of service or HTTP request smuggling
For the stable distribution (buster), these problems have been fixed in
version 10190~dfsg1-1
We recommend that you upgrade your nodejs packages
For the detailed security status of nodejs please refer to
its security tracker p ...
HTTP request smuggling in Nodejs 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605) ...
Synopsis
Important: nodejs:10 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Synopsis
Important: http-parser security update
Type/Severity
Security Advisory: Important
Topic
An update for http-parser is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Synopsis
Important: rh-nodejs12-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis
Important: http-parser security update
Type/Severity
Security Advisory: Important
Topic
An update for http-parser is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: rh-nodejs10-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs10-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis
Important: nodejs:10 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Synopsis
Important: nodejs:12 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Synopsis
Important: http-parser security update
Type/Severity
Security Advisory: Important
Topic
An update for http-parser is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: http-parser security update
Type/Severity
Security Advisory: Important
Topic
An update for http-parser is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vul ...
A flaw was found in the Nodejs code where a specially crafted HTTP(s) request sent to a Nodejs server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack An attacker can use this flaw to alter a request sent as an authenticated user if the Nodejs server is deployed behind a proxy server that reuses connection ...