3 matches found
windmill-cli (>=0.0.1 <=0.0.13) potentially affected by CVE-2024-49770 via @oakserver/oak (>=12.6.2 <=14.1.0)
@oakserver/oak NPM version =12.6.2, =0.0.1, =0.0.13 Source cves: CVE-2024-49770 Source advisory: OSV:GHSA-QM92-93FV-VH7M...
CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...
CVE-2024-49770
creationtimestamp| type| source ---|---|--- 2024-11-01 09:08:14+00:00| published-proof-of-concept| https://github.com/oakserver/oak/security/advisories/GHSA-qm92-93fv-vh7m 2024-11-01 18:42:08+00:00| seen| https://t.me/cvedetector/9624...