CVE-2019-15605

Published: Feb 7, 2020
Updated: Apr 13, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-15605" target="_blank" rel="noopener"> CVE-2019-15605
Severity: Critical
Exploit:

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
nodejs / node.js	13.0.0	13.8.0
nodejs / node.js	12.0.0	12.15.0
nodejs / node.js	10.0.0	10.19.0
debian / debian_linux	10.0	10.0.x
fedoraproject / fedora	30	30.x
opensuse / leap	15.1	15.1.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / software_collections	1.0	1.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_server_aus	7.7	7.7.x
redhat / enterprise_linux_server_tus	7.7	7.7.x
redhat / enterprise_linux_eus	7.7	7.7.x
redhat / enterprise_linux_eus	8.1	8.1.x
redhat / enterprise_linux_eus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.2	8.2.x
redhat / enterprise_linux_server_aus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.4	8.4.x
redhat / enterprise_linux_eus	8.4	8.4.x
redhat / enterprise_linux_server_aus	8.4	8.4.x
redhat / enterprise_linux_server_aus	8.6	8.6.x
redhat / enterprise_linux_server_tus	8.6	8.6.x
redhat / enterprise_linux_eus	8.6	8.6.x
oracle / graalvm	20.0.0	20.0.0.x
oracle / graalvm	19.3.1	19.3.1.x