Optional whitespace should be trimmed from HTTP header values. Its presence may allow attackers to bypass security checks based on HTTP header values.
External References: https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
Upstream commit: https://github.com/nodejs/node/commit/25b6897e8a HackerOne report (currently not public): https://hackerone.com/reports/730779 Fixed upstream in 10.19.0, 12.15.0, and 13.8.0: https://nodejs.org/en/blog/release/v10.19.0/ https://nodejs.org/en/blog/release/v12.15.0/ https://nodejs.org/en/blog/release/v13.8.0/
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15606
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602