CVE-2019-15606

Name
CVE-2019-15606
Description
Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| Vendor Advisory | https://nodejs.org/en/blog/release/v13.8.0/ |
| Exploit | https://hackerone.com/reports/730779 |
| Vendor Advisory | https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ |
| Release Notes | https://nodejs.org/en/blog/release/v10.19.0/ |
| Release Notes | https://nodejs.org/en/blog/release/v12.15.0/ |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2020:0573 |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20200221-0004/ |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2020:0579 |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2020:0598 |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2020:0597 |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2020:0602 |
| Mailing List | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html |
| Third Party Advisory | https://security.gentoo.org/glsa/202003-48 |
| Third Party Advisory | https://www.oracle.com/security-alerts/cpuapr2020.html |
| Third Party Advisory | https://www.debian.org/security/2020/dsa-4669 |
| N/A | https://www.oracle.com//security-alerts/cpujul2021.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* | nodejs | >= 10.0.0 | < 10.19.0 |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* | nodejs | >= 12.0.0 | < 12.15.0 |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* | nodejs | >= 13.0.0 | < 13.8.0 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status