PT-2020-2534 · Node.js +8

Published: 2020-02-06 · Updated: 2026-05-18 · CVE-2019-15606

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Node.js versions 10 through 13

Description

The issue is related to insufficient input validation when processing HTTP headers in Node.js, allowing a remote attacker to gain full control over the application through various network protocols. Specifically, including trailing white space in HTTP header values can bypass authorization based on header value comparisons.

Recommendations

For Node.js versions 10 through 13, consider restricting or sanitizing HTTP header values to prevent the inclusion of trailing white space, which can be used to bypass authorization mechanisms. As a temporary workaround, consider implementing additional validation checks for HTTP header values to minimize the risk of exploitation.
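
The validation check recommended above, sketched as an added example (not code from this advisory or from the Node.js project): a raw exact-match comparison beside a hardened form that rejects header values carrying leading or trailing white space before any decision is made. The header name `x-client-id`, the deny list and all function names are hypothetical.

```javascript
// Added example; header name, deny list and function names are hypothetical.
const DENIED_CLIENTS = new Set(['batch-legacy']); // constructed sample value

// Weak form: exact match on the raw header value. A value with trailing
// white space ('batch-legacy ') is not in the set, so the check passes it.
function weakIsDenied(headers) {
  return DENIED_CLIENTS.has(headers['x-client-id']);
}

// Accept only a single string value with no leading or trailing SP/HTAB
// and no control characters (HTAB is tolerated inside the value).
function validateHeaderValue(value) {
  if (typeof value !== 'string' || value.length === 0) {
    return { ok: false, reason: 'missing or not a single string value' };
  }
  if (/^[ \t]|[ \t]$/.test(value)) {
    return { ok: false, reason: 'leading or trailing white space' };
  }
  if (/[\x00-\x08\x0a-\x1f\x7f]/.test(value)) {
    return { ok: false, reason: 'control character in value' };
  }
  return { ok: true, reason: 'canonical' };
}

// Hardened form: refuse non-canonical values outright (400) instead of
// trimming them, so every component sees the same value or none at all.
function hardenedDecision(headers) {
  const raw = headers['x-client-id'];
  const check = validateHeaderValue(raw);
  if (!check.ok) return { status: 400, reason: check.reason };
  if (DENIED_CLIENTS.has(raw)) return { status: 403, reason: 'denied client' };
  return { status: 200, reason: 'ok' };
}

// Constructed sample inputs shaped like Node's lower-cased req.headers object.
const samples = [
  { 'x-client-id': 'batch-legacy' },
  { 'x-client-id': 'batch-legacy ' },
  { 'x-client-id': 'web-frontend' },
];
for (const h of samples) {
  console.log(JSON.stringify(h), 'weak denied:', weakIsDenied(h),
    'hardened:', hardenedDecision(h).status);
}
```

Rejecting rather than trimming keeps the application from silently disagreeing with a proxy or gateway that compared the untrimmed value.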

Exploit

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALSA-2020:0579
ALSA-2020:0598
ALT-PU-2020-1195
ALT-PU-2020-2195
BDU:2020-02545
CESA-2020_0579
CESA-2020_0598
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2019-15606
DSA-4669-1
MGASA-2020-0372
OPENSUSE-SU-2020:0293-1
OPENSUSE-SU-2020_0293-1
RHSA-2020:0573
RHSA-2020:0579
RHSA-2020:0597
RHSA-2020:0598
RHSA-2020:0602
RHSA-2020_0579
RHSA-2020_0598
RLSA-2020:0579
RLSA-2020:0598
SUSE-SU-2020:0427-1
SUSE-SU-2020:0429-1
SUSE-SU-2020:0454-1
SUSE-SU-2020:0455-1
SUSE-SU-2020:0488-1
USN-6380-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Node.js
Red Hat
Rocky Linux
SUSE
Ubuntu