VDB

CVE-2019-15606

CVE-2019-15606 PUBLISHED

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

EPSS 1.34% · 80.4th percentile

Risk Scores

EPSS Score
1.34%
80.4th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:18.04:LTSnodejs0, *, *
Ubuntu:Pro:16.04:LTSnodejs*, 0, 0.10.25~dfsg2-2ubuntu1
Ubuntu:Pro:14.04:LTSnodejs0.10.21~dfsg1-1, 0.10.15~dfsg1-4, 0

Timeline

  • CVE Published
  • Feb 24, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 12, 2025 EPSS Score
  • Apr 13, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›