GHSA-R3V7-PC4G-7XP9 Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers
Summary With a specially crafted value of the x-forwarded-proto or x-forwarded-for header, it is possible to significantly slow down an Oak server. Vulnerable Code - https://github.com/oakserver/oak/blob/v17.1.5/request.tsL87 - https://github.com/oakserver/oak/blob/v17.1.5/request.tsL142 PoC - setu...
Regular Expression Denial of Service (ReDoS)
Overview @oakserver/oak is a middleware framework for handling HTTP requests. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the x-forwarded-proto or x-forwarded-for headers. An attacker can cause significant performance degradation by sending...
Oak Server < 17.1.3 Path Traversal
Oak Server versions prior to 17.1.3 suffer from a vulnerability that allows an attacker, via a specially forged request, to access arbitrary files in the root folder. No source data...