CVE-2019-15605
Description
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when the Transfer-Encoding header is malformed.
CWE
- CWE-444: HTTP Request Smuggling
Affected
- NodeJS / Node — v=4.0 <4.* [affected]; v=5.0 <5.* [affected]; v=6.0 <6.* [affected]; v=7.0 <7.* [affected]; v=8.0 <8.* [affected]; v=9.0 <9.* [affected]; v=10.0 <10.19.0 [affected]; v=11.0 <11.* [affected]; v=12.0 <12.15.0 [affected]; v=13.0 <13.8.0 [affected]
CVSS
- (none)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/ vendor-advisory, x_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ vendor-advisory, x_refsource_FEDORA
- https://access.redhat.com/errata/RHSA-2020:0573 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2020:0579 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2020:0597 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2020:0598 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2020:0602 vendor-advisory, x_refsource_REDHAT
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html vendor-advisory, x_refsource_SUSE
- https://access.redhat.com/errata/RHSA-2020:0703 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2020:0707 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2020:0708 vendor-advisory, x_refsource_REDHAT
- https://security.gentoo.org/glsa/202003-48 vendor-advisory, x_refsource_GENTOO
- https://www.debian.org/security/2020/dsa-4669 vendor-advisory, x_refsource_DEBIAN
- https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
- https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
- https://nodejs.org/en/blog/release/v13.8.0/ x_refsource_CONFIRM
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ x_refsource_CONFIRM
- https://nodejs.org/en/blog/release/v10.19.0/ x_refsource_CONFIRM
- https://nodejs.org/en/blog/release/v12.15.0/ x_refsource_CONFIRM
- https://security.netapp.com/advisory/ntap-20200221-0004/ x_refsource_CONFIRM
- https://hackerone.com/reports/735748 x_refsource_MISC
Source
cvelistV5-main/cves/2019/15xxx/CVE-2019-15605.json