Vulnerability CVE-2019-15606: Information
Description
Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
node | sisyphus | 13.8.0-alt1 | 20.12.2-alt1 | ALT-PU-2020-1195-1 | 245867 | Fixed |
node | p10 | 13.8.0-alt1 | 16.19.1-alt1 | ALT-PU-2020-1195-1 | 245867 | Fixed |
node | p9 | 14.3.0-alt1 | 14.17.2-alt1 | ALT-PU-2020-2195-1 | 247371 | Fixed |
node | c10f1 | 13.8.0-alt1 | 16.19.1-alt1 | ALT-PU-2020-1195-1 | 245867 | Fixed |
node | c9f2 | 14.3.0-alt1 | 16.19.1-alt0.c9.1 | ALT-PU-2020-2195-1 | 247371 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://nodejs.org/en/blog/release/v13.8.0/ | |
https://hackerone.com/reports/730779 | |
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ | |
https://nodejs.org/en/blog/release/v10.19.0/ | |
https://nodejs.org/en/blog/release/v12.15.0/ | |
RHSA-2020:0573 | |
https://security.netapp.com/advisory/ntap-20200221-0004/ | |
RHSA-2020:0579 | |
RHSA-2020:0598 | |
RHSA-2020:0597 | |
RHSA-2020:0602 | |
openSUSE-SU-2020:0293 | |
GLSA-202003-48 | |
N/A | |
DSA-4669 | |
N/A | |