CVE-2019-15605

Description

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Affected packages (3)

• Alpine/nodejsfrom 0, < 10.19.0-r0
• Debian/http-parserfrom 0, < 2.9.4-2
• Debian/nodejsfrom 0, < 10.19.0~dfsg-1

CVSS scores

References (2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-15605
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-15605