CVE-2019-15604
N/A
N/A
Summary
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NodeJS | Node | 4.0 < 4.* | affected |
| NodeJS | Node | 5.0 < 5.* | affected |
| NodeJS | Node | 6.0 < 6.* | affected |
| NodeJS | Node | 7.0 < 7.* | affected |
| NodeJS | Node | 8.0 < 8.* | affected |
| NodeJS | Node | 9.0 < 9.* | affected |
| NodeJS | Node | 10.0 < 10.19.0 | affected |
| NodeJS | Node | 11.0 < 11.* | affected |
| NodeJS | Node | 12.0 < 12.15.0 | affected |
| NodeJS | Node | 13.0 < 13.8.0 | affected |
Weaknesses
- CWE-295: Improper Certificate Validation (CWE-295)
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2020:0573
- https://access.redhat.com/errata/RHSA-2020:0579
- https://access.redhat.com/errata/RHSA-2020:0597
- https://access.redhat.com/errata/RHSA-2020:0598
- https://access.redhat.com/errata/RHSA-2020:0602
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
- https://security.gentoo.org/glsa/202003-48
- https://www.debian.org/security/2020/dsa-4669
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://hackerone.com/reports/746733
- https://nodejs.org/en/blog/release/v13.8.0/
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
- https://nodejs.org/en/blog/release/v10.19.0/
- https://nodejs.org/en/blog/release/v12.15.0/
- https://security.netapp.com/advisory/ntap-20200221-0004/
References
- https://access.redhat.com/errata/RHSA-2020:0573
- https://access.redhat.com/errata/RHSA-2020:0579
- https://access.redhat.com/errata/RHSA-2020:0597
- https://access.redhat.com/errata/RHSA-2020:0598
- https://access.redhat.com/errata/RHSA-2020:0602
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
- https://security.gentoo.org/glsa/202003-48
- https://www.debian.org/security/2020/dsa-4669
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://hackerone.com/reports/746733
- https://nodejs.org/en/blog/release/v13.8.0/
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
- https://nodejs.org/en/blog/release/v10.19.0/
- https://nodejs.org/en/blog/release/v12.15.0/
- https://security.netapp.com/advisory/ntap-20200221-0004/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.