CVE-2019-15606

Published: 07/02/2020 Updated: 07/03/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons.

Vulnerable Product

nodejs node.js

oracle graalvm 20.0.0

oracle graalvm 19.3.1

oracle communications cloud native core network function cloud native environment 1.4.0

debian debian linux 10.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

opensuse leap 15.1

Vendor Advisories

Synopsis: Important: nodejs:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: rh-nodejs12-nodejs security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: rh-nodejs10-nodejs security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: nodejs:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis: Important: nodejs:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. For the stable distribution (buster), these problems have been fixed in version 10190~dfsg1-1. We recommend that you upgrade your nodejs packages. For the detailed security status of nodejs please refer to its security tracker p ...