Lucene search

HackeroneCVELIST:CVE-2019-15604

HistoryFeb 07, 2020 - 2:57 p.m.

CVE-2019-15604

2020-02-0714:57:07

CWE-295

hackerone

www.cve.org

8.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

CNA Affected

[
  {
    "product": "https://github.com/nodejs/node",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "10.19.0, 12.15.0, 13.8.0"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html

access.redhat.com/errata/RHSA-2020:0573

access.redhat.com/errata/RHSA-2020:0579

access.redhat.com/errata/RHSA-2020:0597

access.redhat.com/errata/RHSA-2020:0598

access.redhat.com/errata/RHSA-2020:0602

hackerone.com/reports/746733

nodejs.org/en/blog/release/v10.19.0/

nodejs.org/en/blog/release/v12.15.0/

nodejs.org/en/blog/release/v13.8.0/

nodejs.org/en/blog/vulnerability/february-2020-security-releases/

security.gentoo.org/glsa/202003-48

security.netapp.com/advisory/ntap-20200221-0004/

www.debian.org/security/2020/dsa-4669

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2020.html