CVE-2019-15605

Опубликовано: 07 фев. 2020

Источник: debian

EPSS Средний

Описание

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Пакет	Статус	Версия исправления	Релиз	Тип
nodejs	fixed	10.19.0~dfsg-1		package
nodejs	ignored		stretch	package
nodejs	end-of-life		jessie	package
http-parser	fixed	2.9.4-2		package
http-parser	fixed	2.8.1-1+deb10u1	buster	package
http-parser	ignored		stretch	package
http-parser	ignored		jessie	package

https://hackerone.com/reports/735748
https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b (http-parser)
nodejs/10.19.0~dfsg-1 contains both the source fix but switches as well
back to use shared libhttp-parser again.

EPSS

Процентиль: 97%

0.32252

Средний

CVE-2019-15605

CVSS3: 9.8

ubuntu

больше 5 лет назад

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

CVE-2019-15605

CVSS3: 7.1

redhat

больше 5 лет назад

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

CVE-2019-15605

CVSS3: 9.8

nvd

больше 5 лет назад

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

GHSA-rv6p-2q56-m955

CVSS3: 9.8

github

около 3 лет назад

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

ELSA-2020-0708

oracle-oval

больше 5 лет назад

ELSA-2020-0708: http-parser security update (IMPORTANT)

EPSS

Процентиль: 97%

0.32252

Средний