CVE-2019-15605 vulnerability in nodejs and Other Products
Published on February 7, 2020

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Github Repository Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a HTTP Request Smuggling Vulnerability?

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

CVE-2019-15605 has been classified to as a HTTP Request Smuggling vulnerability or weakness.

Products Associated with CVE-2019-15605

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-15605 are published in these products:

nodejs node.js

Debian Linux

Fedora Project Fedora

OpenSuse Leap

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Server

Red Hat Software Collections

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Eus

Oracle GraalVM

Canonical Ubuntu Linux

Affected Versions

NodeJS Node:

Version 4.0 and below 4.* is affected.
Version 5.0 and below 5.* is affected.
Version 6.0 and below 6.* is affected.
Version 7.0 and below 7.* is affected.
Version 8.0 and below 8.* is affected.
Version 9.0 and below 9.* is affected.
Version 10.0 and below 10.19.0 is affected.
Version 11.0 and below 11.* is affected.
Version 12.0 and below 12.15.0 is affected.
Version 13.0 and below 13.8.0 is affected.

Exploit Probability

EPSS

32.25%

Percentile

96.73%