0.014 Low
EPSS
Percentile
86.6%
A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.
bugzilla.redhat.com/show_bug.cgi?id=1800366
nodejs.org/en/blog/vulnerability/february-2020-security-releases/
nvd.nist.gov/vuln/detail/CVE-2019-15606
www.cve.org/CVERecord?id=CVE-2019-15606