9.8

CVE-2019-15606

Exploit
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NodejsNode.Js SwEditionlts Version >= 10.0.0 < 10.19.0
NodejsNode.Js SwEditionlts Version >= 12.0.0 < 12.15.0
NodejsNode.Js SwEdition- Version >= 13.0.0 < 13.8.0
OracleGraalvm Version19.3.1 SwEditionenterprise
OracleGraalvm Version20.0.0 SwEditionenterprise
DebianDebian Linux Version10.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
OpensuseLeap Version15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.04% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://security.gentoo.org/glsa/202003-48
Third Party Advisory
https://www.debian.org/security/2020/dsa-4669
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0573
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0579
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0597
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0602
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2020:0598
Third Party Advisory
https://nodejs.org/en/blog/release/v10.19.0/
Vendor Advisory
Release Notes
https://nodejs.org/en/blog/release/v12.15.0/
Vendor Advisory
Release Notes
https://nodejs.org/en/blog/release/v13.8.0/
Vendor Advisory
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20200221-0004/
Third Party Advisory
https://hackerone.com/reports/730779
Third Party Advisory
Exploit