Show plain JSON{"containers": {"cna": {"affected": [{"product": "Node", "vendor": "NodeJS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.0", "status": "affected", "lessThan": "4.*"}, {"versionType": "semver", "version": "5.0", "status": "affected", "lessThan": "5.*"}, {"versionType": "semver", "version": "6.0", "status": "affected", "lessThan": "6.*"}, {"versionType": "semver", "version": "7.0", "status": "affected", "lessThan": "7.*"}, {"versionType": "semver", "version": "8.0", "status": "affected", "lessThan": "8.*"}, {"versionType": "semver", "version": "9.0", "status": "affected", "lessThan": "9.*"}, {"versionType": "semver", "version": "10.0", "status": "affected", "lessThan": "10.19.0"}, {"versionType": "semver", "version": "11.0", "status": "affected", "lessThan": "11.*"}, {"versionType": "semver", "version": "12.0", "status": "affected", "lessThan": "12.15.0"}, {"versionType": "semver", "version": "13.0", "status": "affected", "lessThan": "13.8.0"}]}], "descriptions": [{"lang": "en", "value": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "HTTP Request Smuggling (CWE-444)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-04-30T22:24:23.404Z"}, "references": [{"name": "FEDORA-2020-3838c8ea98", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/"}, {"name": "FEDORA-2020-47efc31973", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/"}, {"name": "RHSA-2020:0573", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0573"}, {"name": "RHSA-2020:0579", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0579"}, {"name": "RHSA-2020:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0597"}, {"name": "RHSA-2020:0598", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0598"}, {"name": "RHSA-2020:0602", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0602"}, {"name": "openSUSE-SU-2020:0293", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"}, {"name": "RHSA-2020:0703", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0703"}, {"name": "RHSA-2020:0707", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0707"}, {"name": "RHSA-2020:0708", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0708"}, {"name": "GLSA-202003-48", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-48"}, {"name": "DSA-4669", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4669"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/release/v13.8.0/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/release/v10.19.0/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/release/v12.15.0/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200221-0004/"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/735748"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-15605", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/nodejs/node", "version": {"version_data": [{"version_value": "10.19.0, 12.15.0, 13.8.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HTTP Request Smuggling (CWE-444)"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2020-3838c8ea98", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/"}, {"name": "FEDORA-2020-47efc31973", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/"}, {"name": "RHSA-2020:0573", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0573"}, {"name": "RHSA-2020:0579", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0579"}, {"name": "RHSA-2020:0597", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0597"}, {"name": "RHSA-2020:0598", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0598"}, {"name": "RHSA-2020:0602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0602"}, {"name": "openSUSE-SU-2020:0293", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"}, {"name": "RHSA-2020:0703", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0703"}, {"name": "RHSA-2020:0707", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0707"}, {"name": "RHSA-2020:0708", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0708"}, {"name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48"}, {"name": "DSA-4669", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4669"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://nodejs.org/en/blog/release/v13.8.0/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/release/v13.8.0/"}, {"name": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"}, {"name": "https://nodejs.org/en/blog/release/v10.19.0/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/release/v10.19.0/"}, {"name": "https://nodejs.org/en/blog/release/v12.15.0/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/release/v12.15.0/"}, {"name": "https://security.netapp.com/advisory/ntap-20200221-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200221-0004/"}, {"name": "https://hackerone.com/reports/735748", "refsource": "MISC", "url": "https://hackerone.com/reports/735748"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:49:13.764Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2020-3838c8ea98", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/"}, {"name": "FEDORA-2020-47efc31973", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/"}, {"name": "RHSA-2020:0573", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0573"}, {"name": "RHSA-2020:0579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0579"}, {"name": "RHSA-2020:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0597"}, {"name": "RHSA-2020:0598", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0598"}, {"name": "RHSA-2020:0602", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0602"}, {"name": "openSUSE-SU-2020:0293", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"}, {"name": "RHSA-2020:0703", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0703"}, {"name": "RHSA-2020:0707", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0707"}, {"name": "RHSA-2020:0708", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0708"}, {"name": "GLSA-202003-48", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-48"}, {"name": "DSA-4669", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4669"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/release/v13.8.0/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/release/v10.19.0/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/release/v12.15.0/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200221-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/735748"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-15605", "datePublished": "2020-02-07T14:55:22", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2025-04-30T22:24:23.404Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}