VulnerableCode Package Details - pkg:deb/debian/http-parser@2.8.1-1%2Bdeb10u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-6uvj-k3c9-aaab Aliases: CVE-2019-15605	HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed	2.9.4-4+deb11u1 Affected by 0 other vulnerabilities.
VCID-d15h-ng65-aaab Aliases: CVE-2020-8287	Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.	2.9.4-4+deb11u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6uvj-k3c9-aaab
Aliases:
CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

2.9.4-4+deb11u1
Affected by 0 other vulnerabilities.

VCID-d15h-ng65-aaab
Aliases:
CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

2.9.4-4+deb11u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6uvj-k3c9-aaab	HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed	CVE-2019-15605

Vulnerability

Summary

Aliases

VCID-6uvj-k3c9-aaab

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

CVE-2019-15605

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T03:00:17.441896+00:00	Debian Importer	Affected by	VCID-d15h-ng65-aaab	None	36.1.3
2025-06-21T14:16:29.128536+00:00	Debian Oval Importer	Fixing	VCID-6uvj-k3c9-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:04:16.041960+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T02:27:03.410596+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	None	36.1.3
2025-06-21T02:11:22.321821+00:00	Debian Oval Importer	Affected by	VCID-6uvj-k3c9-aaab	None	36.1.3
2025-06-20T21:47:04.122179+00:00	Debian Oval Importer	Fixing	VCID-6uvj-k3c9-aaab	None	36.1.3
2025-06-08T12:59:21.281109+00:00	Debian Oval Importer	Affected by	VCID-6uvj-k3c9-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T07:09:51.472675+00:00	Debian Oval Importer	Fixing	VCID-6uvj-k3c9-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:12:28.451367+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T19:50:58.673289+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	None	36.1.0
2025-06-07T19:35:07.904827+00:00	Debian Oval Importer	Affected by	VCID-6uvj-k3c9-aaab	None	36.1.0
2025-06-07T15:10:07.512344+00:00	Debian Oval Importer	Fixing	VCID-6uvj-k3c9-aaab	None	36.1.0
2025-04-12T20:37:10.528981+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:46:41.468852+00:00	Debian Oval Importer	Affected by	VCID-6uvj-k3c9-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T05:42:24.144900+00:00	Debian Oval Importer	Fixing	VCID-6uvj-k3c9-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:43:26.023184+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T18:28:48.740508+00:00	Debian Oval Importer	Affected by	VCID-d15h-ng65-aaab	None	36.0.0
2025-04-07T18:12:50.317285+00:00	Debian Oval Importer	Affected by	VCID-6uvj-k3c9-aaab	None	36.0.0
2025-04-07T13:41:50.923139+00:00	Debian Oval Importer	Fixing	VCID-6uvj-k3c9-aaab	None	36.0.0
2025-04-06T20:34:56.522734+00:00	Debian Importer	Fixing	VCID-6uvj-k3c9-aaab	None	36.0.0
2025-04-05T21:22:12.214236+00:00	Debian Importer	Affected by	VCID-d15h-ng65-aaab	None	36.0.0
2025-02-19T18:41:11.940722+00:00	Debian Importer	Affected by	VCID-d15h-ng65-aaab	None	35.1.0
2025-02-19T07:17:44.534192+00:00	Debian Importer	Fixing	VCID-6uvj-k3c9-aaab	None	35.1.0
2024-04-24T20:45:07.997968+00:00	Debian Importer	Affected by	VCID-d15h-ng65-aaab	None	34.0.0rc4
2024-04-24T14:44:28.901960+00:00	Debian Importer	Fixing	VCID-6uvj-k3c9-aaab	None	34.0.0rc4
2024-01-10T21:55:24.563435+00:00	Debian Importer	Affected by	VCID-d15h-ng65-aaab	None	34.0.0rc2
2024-01-10T17:27:58.370475+00:00	Debian Importer	Fixing	VCID-6uvj-k3c9-aaab	None	34.0.0rc2
2024-01-04T11:10:14.059259+00:00	Debian Importer	Affected by	VCID-d15h-ng65-aaab	None	34.0.0rc1
2024-01-04T07:05:16.843281+00:00	Debian Importer	Fixing	VCID-6uvj-k3c9-aaab	None	34.0.0rc1

2025-06-22T03:00:17.441896+00:00

Debian Importer

Affected by

Next non-vulnerable version	2.9.4-4+deb11u1
Latest non-vulnerable version	2.9.4-4+deb11u1
Risk	4.4