Search for packages
| purl | pkg:deb/ubuntu/nodejs@10.15.2~dfsg-1 |
| Next non-vulnerable version | 10.19.0~dfsg-3ubuntu1 |
| Latest non-vulnerable version | 10.19.0~dfsg-3ubuntu1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6uvj-k3c9-aaab
Aliases: CVE-2019-15605 |
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed |
Affected by 0 other vulnerabilities. |
|
VCID-mg9f-35c4-aaaq
Aliases: CVE-2019-15606 |
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons |
Affected by 0 other vulnerabilities. |
|
VCID-uet3-61m4-aaar
Aliases: CVE-2019-15604 |
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-k7y3-nr4h-aaaq | In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. |
CVE-2019-5737
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|