Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-15606
CVE-2019-15606:
npm vulnerability analysis and mitigation
Overview
CVE-2019-15606 is a security vulnerability discovered in Node.js versions 10, 12, and 13 that involves HTTP header values not having trailing optional whitespace trimmed. The vulnerability was disclosed in February 2020 and affects the HTTP header parsing functionality in Node.js (Node Blog).
Technical details
The vulnerability occurs when HTTP header values contain trailing whitespace that is not properly trimmed, which could allow attackers to bypass authorization checks based on header value comparisons. The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) indicating high severity (Ubuntu Security).
Impact
Successful exploitation of this vulnerability could allow attackers to bypass security checks that are based on HTTP header value comparisons, potentially leading to unauthorized access and security control bypasses (Red Hat Security).
Mitigation and workarounds
The recommended mitigation is to upgrade to the fixed versions: Node.js 10.19.0, 12.15.0, or 13.8.0 and above. The fix involves properly trimming trailing whitespace from HTTP header values before comparisons (Node Blog).
Additional resources
Source: This report was generated using AI
Related npm vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management