vulnerability
Oracle Linux: CVE-2019-15604: ELSA-2020-0579: nodejs:10 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Feb 7, 2020 | Mar 2, 2020 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Feb 7, 2020
Added
Mar 2, 2020
Modified
Dec 3, 2025
Description
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.
An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.
Solutions
oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.