CVE-2025-55152
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-09
Last updated on: 2025-08-11
Assigner: GitHub, Inc.
Description
Description
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oakserver | oak | 17.1.5 |
| oakserver | oak | 17.1.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the oak middleware framework for various platforms. In versions 17.1.5 and below, an attacker can send specially crafted values in the x-forwarded-proto or x-forwarded-for HTTP headers to significantly slow down an oak server.
How can this vulnerability impact me? :
The vulnerability can be exploited to cause a denial of service by significantly slowing down the oak server, potentially affecting the availability and performance of applications relying on this middleware.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70