oak: ReDoS in x-forwarded-proto and x-forwarded-for headers_CVE-2025-55152

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.

Basic Information

ID CVE-2025-55152

Source GitHub_M

Published Aug 9, 2025 at 01:29

Affected Product

Vendor oakserver

Product oak

Version < 17.1.6

Affected Versions oakserver oak < 17.1.6

CWE Classification

CWE-400 CWE-1333

References

{
    "lastseen": "",
    "description": "oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.",
    "published": "2025-08-09T01:29:54.545Z",
    "modified": "2025-08-09T01:29:54.545Z",
    "type": "cve",
    "title": "oak: ReDoS in x-forwarded-proto and x-forwarded-for headers",
    "source": "GitHub_M",
    "references": "https://github.com/oakserver/oak/security/advisories/GHSA-r3v7-pc4g-7xp9\nhttps://github.com/oakserver/oak/commit/b60e60330ef227707c4dc13ef0ea36192d894f44",
    "id": "CVE-2025-55152",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400",
        "CWE-1333"
    ],
    "cvelist": null,
    "sourceData": "oakserver oak < 17.1.6",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "oak",
    "version": "< 17.1.6",
    "vendor": "oakserver",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}