CVE-2019-15606

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 1.25 % (86^th)

Affected Products 7

Advisories 19

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Weaknesses

CWE-20: Improper Input Validation
CWE-NVD-Other

CVE Status: PUBLISHED
CNA: HackerOne
Published Date: 2020-02-07 15:15:11
(4 years ago)
Updated Date: 2024-03-07 21:24:40
(6 months ago)

Affected Products

Debian

Debian Linux

Nodejs

Node.js

Opensuse

Leap

Oracle

Redhat

Configuration #1

		CPE23	From	Up To
	Nodejs Node.js from 10.0.0 version and prior 10.19.0 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 10.0.0	< 10.19.0
	Nodejs Node.js from 12.0.0 version and prior 12.15.0 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 12.0.0	< 12.15.0
	Nodejs Node.js from 13.0.0 version and prior 13.8.0 version	cpe:2.3:a:nodejs:node.js::::*:-	>= 13.0.0	< 13.8.0

Configuration #2

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0
	Oracle Graalvm 19.3.1	cpe:2.3:a:oracle:graalvm:19.3.1:::*:enterprise
	Oracle Graalvm 20.0.0	cpe:2.3:a:oracle:graalvm:20.0.0:::*:enterprise

Configuration #3

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux Eus 8.1	cpe:2.3:o:redhat:enterprise_linux_eus:8.1

Configuration #5

		CPE23	From	Up To
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1