Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
oak: ReDoS in x-forwarded-proto and x-forwarded-for headers
Vulnerability Description
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
oak 安全漏洞
Vulnerability Description
oak是oak开源的一个中间件框架。 oak 17.1.5及之前版本存在安全漏洞,该漏洞源于x-forwarded-proto或x-forwarded-for标头的特制值可能导致服务器性能下降。
CVSS Information
N/A
Vulnerability Type
N/A