FLAT-TO59K – Vulnerability | Fluid Attacks Database

Database

Description

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.12	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.1-r0 \|\| =10.16.2-r0 \|\| =10.16.3-r0 \|\| =12.13.0-r0 \|\| =12.13.0-r1 \|\| =12.13.1-r0 \|\| =12.14.0-r0 \|\| =12.14.1-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <12.15.0-r0	12.15.0-r0
alpine v3.18	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.1-r0 \|\| =10.16.2-r0 \|\| =10.16.3-r0 \|\| =12.13.0-r0 \|\| =12.13.0-r1 \|\| =12.13.1-r0 \|\| =12.14.0-r0 \|\| =12.14.1-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <12.15.0-r0	12.15.0-r0
alpine v3.9	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.3-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <10.19.0-r0	10.19.0-r0
debian 11	nodejs	>=0 <10.19.0~dfsg-1	10.19.0~dfsg-1
debian 11	http-parser	>=0 <2.9.4-2	2.9.4-2
alpine v3.19	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.1-r0 \|\| =10.16.2-r0 \|\| =10.16.3-r0 \|\| =12.13.0-r0 \|\| =12.13.0-r1 \|\| =12.13.1-r0 \|\| =12.14.0-r0 \|\| =12.14.1-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <12.15.0-r0	12.15.0-r0
alpine v3.10	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.3-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <10.19.0-r0	10.19.0-r0
alpine v3.11	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.1-r0 \|\| =10.16.2-r0 \|\| =10.16.3-r0 \|\| =12.13.0-r0 \|\| =12.13.0-r1 \|\| =12.13.1-r0 \|\| =12.14.0-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <12.15.0-r0	12.15.0-r0
alpine v3.14	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.1-r0 \|\| =10.16.2-r0 \|\| =10.16.3-r0 \|\| =12.13.0-r0 \|\| =12.13.0-r1 \|\| =12.13.1-r0 \|\| =12.14.0-r0 \|\| =12.14.1-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <12.15.0-r0	12.15.0-r0
alpine v3.20	nodejs	=10.13.0-r0 \|\| =10.14.0-r0 \|\| =10.14.1-r0 \|\| =10.14.2-r0 \|\| =10.15.1-r0 \|\| =10.15.3-r0 \|\| =10.16.0-r0 \|\| =10.16.1-r0 \|\| =10.16.2-r0 \|\| =10.16.3-r0 \|\| =12.13.0-r0 \|\| =12.13.0-r1 \|\| =12.13.1-r0 \|\| =12.14.0-r0 \|\| =12.14.1-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.5.0-r0 \|\| =6.10.0-r0 \|\| =6.10.1-r0 \|\| =6.10.3-r0 \|\| =6.11.0-r0 \|\| =6.11.1-r0 \|\| =6.11.1-r1 \|\| =6.11.1-r2 \|\| =6.11.2-r0 \|\| =6.11.3-r0 \|\| =6.11.4-r0 \|\| =6.11.5-r0 \|\| =6.9.1-r0 \|\| =6.9.1-r1 \|\| =6.9.2-r0 \|\| =6.9.4-r0 \|\| =6.9.4-r1 \|\| =6.9.5-r0 \|\| =6.9.5-r1 \|\| =8.10.0-r0 \|\| =8.11.0-r0 \|\| =8.11.0-r1 \|\| =8.11.1-r0 \|\| =8.11.1-r1 \|\| =8.11.1-r2 \|\| =8.11.2-r0 \|\| =8.11.3-r0 \|\| =8.11.3-r1 \|\| =8.11.3-r2 \|\| =8.11.3-r3 \|\| =8.11.4-r0 \|\| =8.12.0-r0 \|\| =8.9.0-r0 \|\| =8.9.1-r0 \|\| =8.9.2-r0 \|\| =8.9.3-r0 \|\| =8.9.3-r1 \|\| =8.9.4-r0 \|\| >=0 <12.15.0-r0	12.15.0-r0

1-10 of 27

10

Aliases

1. CVE-2019-156052. NVD-2019-156053. OSV-ALPINE-2019-156054. OSV-2019-156055. OSV-DEBIAN-2019-156056. SECURITY-CVE-2019-156057. SECURITY-TRACKER-CVE-2019-15605

References

1. https://github.com/0-9194/node-poc-http-smuggling

FLAT-TO59K – Vulnerability | Fluid Attacks Database