oak Fixes Bypassed Security Feature in Prior Versions
CVE-2024-49770

Currently unrated

Key Information:

Vendor

Oakserver

Status
Vendor
CVE Published: 1 November 2024

What is CVE-2024-49770?

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default, oak does not allow hidden files to be transferred with the Context.send API. However, prior to version 17.1.3, this restriction can be bypassed by encoding / as its URL-encoded form, %2F. For an attacker, this has the potential to expose sensitive user data or server secrets. Version 17.1.3 fixes the issue.
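
The check-ordering problem behind this kind of bypass, as an added example (not oak's code and not taken from the advisory). It assumes a hidden-file check that runs on the still-encoded request path before decoding; hasHiddenSegment, resolveWeak, resolveHardened and findBypasses are hypothetical names.

```javascript
// Added illustration; not oak's source code. All function names are hypothetical.

// True if any "/"-separated segment begins with "." (hidden file or directory).
function hasHiddenSegment(path) {
  return path.split("/").some((segment) => segment.startsWith("."));
}

// Weak ordering (assumed for illustration): the check sees the raw, still-encoded
// path, and decoding happens afterwards, so "%2F" hides a segment boundary.
function resolveWeak(rawPath) {
  if (hasHiddenSegment(rawPath)) return { ok: false, reason: "hidden" };
  return { ok: true, path: decodeURIComponent(rawPath) };
}

// Hardened ordering: decode exactly once, reject malformed input and NUL bytes,
// then run the check on the same string that will be used for the file lookup.
function resolveHardened(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (decoded.includes("\0")) return { ok: false, reason: "nul-byte" };
  // Treat "\" as a separator too, so Windows-style paths get the same check.
  if (hasHiddenSegment(decoded.replace(/\\/g, "/"))) {
    return { ok: false, reason: "hidden" };
  }
  return { ok: true, path: decoded };
}

// Regression helper: paths the weak ordering serves but the hardened one refuses.
function findBypasses(paths) {
  return paths.filter((p) => resolveWeak(p).ok && !resolveHardened(p).ok);
}

// Constructed sample request paths.
const SAMPLE_PATHS = [
  "/static/app.js", "/.env", "/public/.env", "/public%2F.env", "/docs%2Freadme.md",
];

console.log(findBypasses(SAMPLE_PATHS));
```

A list like SAMPLE_PATHS can serve as a regression test against a deployed route after upgrading to 17.1.3: every path that decodes to a dot-prefixed segment should be refused.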

Affected Version(s)

oak < 17.1.3

Timeline

  • Vulnerability published

  • Vulnerability Reserved
