CVE-2019-15604

Name
CVE-2019-15604
Description
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://nodejs.org/en/blog/release/v13.8.0/
Exploit https://hackerone.com/reports/746733
Vendor Advisory https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
Release Notes https://nodejs.org/en/blog/release/v10.19.0/
Release Notes https://nodejs.org/en/blog/release/v12.15.0/
REDHAT https://access.redhat.com/errata/RHSA-2020:0573
CONFIRM https://security.netapp.com/advisory/ntap-20200221-0004/
REDHAT https://access.redhat.com/errata/RHSA-2020:0579
REDHAT https://access.redhat.com/errata/RHSA-2020:0598
REDHAT https://access.redhat.com/errata/RHSA-2020:0597
REDHAT https://access.redhat.com/errata/RHSA-2020:0602
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
GENTOO https://security.gentoo.org/glsa/202003-48
N/A https://www.oracle.com/security-alerts/cpuapr2020.html
DEBIAN https://www.debian.org/security/2020/dsa-4669
N/A https://www.oracle.com//security-alerts/cpujul2021.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* nodejs >= 13.0.0 < 13.8.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* nodejs >= 12.0.0 < 12.15.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* nodejs >= 10.0.0 < 10.19.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status