CVE-2025-55152

oak: ReDoS in x-forwarded-proto and x-forwarded-for headers

CVSS 5.3 MEDIUMEPSS 0.4%CWE-1333 CWE-400

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 ago 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Produtos afetados

oakserver · oak

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/oakserver/oak/commit/b60e60330ef227707c4dc13ef0ea36192d894f44 https://github.com/oakserver/oak/security/advisories/GHSA-r3v7-pc4g-7xp9