CVE-2019-5737

🗓️ 28 Mar 2019 16:20:28Reported by nodejsType

Vulnerability in Node.js allows slow header attack to cause Do

Reporter	Title	Published	Views	Family All 132
IBM Security Bulletins	Security Bulletin: A vulnerability in Node.js affects IBM Cloud App Management V2018	6 Sep 201912:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)	2 Jul 201917:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by vulnerabilities in the shipped Node runtime	29 Mar 201910:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737)	6 Jun 201915:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737)	5 Dec 202219:00	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)	14 Sep 202215:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud	6 Jun 201920:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)	28 Jan 202018:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway	2 Apr 201905:10	–	ibm
IBM Security Bulletins	Security Bulletin: Secure Gateway is affected by multiple vulnerabilities	6 Jun 201917:15	–	ibm

[
  {
    "product": "Node.js",
    "vendor": "Node.js",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 6.17.0"
      },
      {
        "status": "affected",
        "version": "All versions prior to 8.15.1"
      },
      {
        "status": "affected",
        "version": "All versions prior to 10.15.2"
      },
      {
        "status": "affected",
        "version": "All versions prior to 11.10.1"
      }
    ]
  }
]

Source	Link
security	www.security.gentoo.org/glsa/202003-48
access	www.access.redhat.com/errata/RHSA-2019:1821
lists	www.lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
lists	www.lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
security	www.security.netapp.com/advisory/ntap-20190502-0008/
lists	www.lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html
nodejs	www.nodejs.org/en/blog/vulnerability/february-2019-security-releases/

20 Mar 2020 20:06Current

7.8High risk

Vulners AI Score7.8

EPSS0.26351

CWE-400