9.8
CVE-2019-15606
- EPSS 20.04%
- Veröffentlicht 07.02.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:29:07
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Eus Version8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.04% | 0.971 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://security.gentoo.org/glsa/202003-48
https://www.debian.org/security/2020/dsa-4669
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0602
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
https://access.redhat.com/errata/RHSA-2020:0598
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
https://security.netapp.com/advisory/ntap-20200221-0004/
https://hackerone.com/reports/730779