CVE-2019-15606

Published: Feb 7, 2020
Updated: Apr 13, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-15606" target="_blank" rel="noopener"> CVE-2019-15606
Severity: Critical
Exploit:

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

CVSS v3:

CVSS v2:

No CWE or OWASP classifications available.

Software	From	Fixed in
nodejs / node.js	13.0.0	13.8.0
nodejs / node.js	12.0.0	12.15.0
nodejs / node.js	10.0.0	10.19.0
oracle / graalvm	20.0.0	20.0.0.x
oracle / graalvm	19.3.1	19.3.1.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.4.0	1.4.0.x
debian / debian_linux	10.0	10.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_eus	8.1	8.1.x
opensuse / leap	15.1	15.1.x