VDB
ALPINE-CVE-2019-15606
ALPINE-CVE-2019-15606
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | nodejs | 6.9.1-r1, 12.13.0-r0, 6.11.1-r0 |
| Alpine:v3.13 | nodejs | 6.9.1-r0, 6.11.1-r2, 6.11.1-r1 |
| Alpine:v3.9 | nodejs | 10.15.1-r0, 10.15.3-r0, 10.16.0-r0 |
| Alpine:v3.11 | nodejs | 4.4.5-r0, 4.4.7-r0, 4.5.0-r0 |
| Alpine:v3.14 | nodejs | 8.9.1-r0, 0, 10.13.0-r0 |
| Alpine:v3.19 | nodejs | 10.14.0-r0, 10.14.1-r0, 10.14.2-r0 |
| Alpine:v3.24 | nodejs | 0, 0 |
| Alpine:v3.15 | nodejs | 0, 10.13.0-r0, 10.14.0-r0 |
| Alpine:v3.16 | nodejs | 8.9.3-r1, 0, 0 |
| Alpine:v3.18 | nodejs | 0, 0, 8.9.4-r0 |
| Alpine:v3.12 | nodejs | 10.16.0-r0, 0, 0 |
| Alpine:v3.20 | nodejs | 6.11.1-r0, 6.11.1-r2, 10.16.0-r0 |
| Alpine:v3.22 | nodejs | 0, 0, 0 |
| Alpine:v3.23 | nodejs | 0, 0, 0 |
| Alpine:v3.21 | nodejs | 0, 0, 0 |
| Alpine:v3.10 | nodejs | 10.15.3-r0, 10.15.1-r0, 10.14.2-r0 |
Timeline
- Feb 7, 2020 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated