CVE-2019-15604 vulnerability in nodejs and Other Products
Published on February 7, 2020

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

Improper Certificate Validation

The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

Products Associated with CVE-2019-15604

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-15604 are published in these products:

nodejs node.js

Debian Linux

OpenSuse Leap

Red Hat Software Collections

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux (RHEL)

Oracle GraalVM

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Canonical Ubuntu Linux

Affected Versions

NodeJS Node:

Version 4.0 and below 4.* is affected.
Version 5.0 and below 5.* is affected.
Version 6.0 and below 6.* is affected.
Version 7.0 and below 7.* is affected.
Version 8.0 and below 8.* is affected.
Version 9.0 and below 9.* is affected.
Version 10.0 and below 10.19.0 is affected.
Version 11.0 and below 11.* is affected.
Version 12.0 and below 12.15.0 is affected.
Version 13.0 and below 13.8.0 is affected.

Exploit Probability

EPSS

4.72%

Percentile

89.17%