PT-2020-6591 · Node.Js+9 · Node.Js+9

Published

2020-02-07

·

Updated

2026-05-18

·

CVE-2019-15605

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Node.js versions 10 through 13
Description The issue is related to HTTP request smuggling in Node.js, which can lead to the delivery of malicious payloads when the transfer-encoding is malformed. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations For Node.js versions 10 through 13, update to a version that includes a fix for this issue, as the current versions are affected by the HTTP request smuggling vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

ALSA-2020:0579
ALSA-2020:0598
ALT-PU-2020-1195
ALT-PU-2020-2195
BDU:2022-00330
CESA-2020_0579
CESA-2020_0598
CESA-2020_0703
CESA-2020_0708
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2019-15605
DSA-4669-1
MGASA-2020-0131
MGASA-2020-0372
OPENSUSE-SU-2020:0293-1
OPENSUSE-SU-2020_0293-1
RHSA-2020:0573
RHSA-2020:0579
RHSA-2020:0597
RHSA-2020:0598
RHSA-2020:0602
RHSA-2020:0703
RHSA-2020:0707
RHSA-2020:0708
RHSA-2020:1510
RHSA-2020_0579
RHSA-2020_0598
RHSA-2020_0703
RHSA-2020_0708
RLSA-2020:0579
RLSA-2020:0598
SUSE-SU-2020:0427-1
SUSE-SU-2020:0429-1
SUSE-SU-2020:0454-1
SUSE-SU-2020:0455-1
SUSE-SU-2020:0488-1
USN-6380-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Node.Js
Red Hat
Rocky Linux
Suse
Ubuntu