CVE-2025-55152

oak: ReDoS in x-forwarded-proto and x-forwarded-for headers

CVSS 5.3 MEDIUMEPSS 0.4%CWE-1333 CWE-400

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 ago 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Productos afectados

oakserver · oak

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/oakserver/oak/commit/b60e60330ef227707c4dc13ef0ea36192d894f44 https://github.com/oakserver/oak/security/advisories/GHSA-r3v7-pc4g-7xp9