Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
oak's path traversal allows transfer of hidden files within the served root directory
Vulnerability Description
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.
CVSS Information
N/A
Vulnerability Type
路径遍历:’…/…//’
Vulnerability Title
oak 安全漏洞
Vulnerability Description
oak是oak开源的一个中间件框架。 oak 17.1.3之前版本存在安全漏洞。攻击者利用该漏洞可以读取敏感的用户数据或获取服务器机密的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A