CVE-2019-15605

CVE-2019-15605 describes HTTP request smuggling due to malformed Transfer-Encoding in Node.js contexts. Connected advisories show affected components as http-parser across various Linux distributions and Node.js builds, with remediation via updating http-parser (and related Node.js packages) to p...

CVE-2019-15606

CVE-2019-15606 affects Node.js 10.x, 12.x and 13.x where trailing whitespace in HTTP header values can bypass header-based authorization. Public disclosures in Debian (DSA-4669-1) and Gentoo/Gentoo GLSA-202003-48 confirm multipleVulns including 15606; Elastic KB notes DoS/HTTP‑smuggling implicati...

CVE-2019-15604

CVE-2019-15604 concerns Node.js TLS handling with improper certificate validation, leading to a potential DoS through a crafted X.509 certificate. The issue affects Node.js 10, 12, and 13 and is mitigated by upgrading to versions where the fix is applied (e.g., Node.js 10.19.0+, 12.15.0+ as cited...