Denial of Service Vulnerability in Oak Middleware Framework for Deno, Node.js, Cloudflare Workers, and Bun
CVE-2025-55152
Currently unrated
What is CVE-2025-55152?
In versions 17.1.5 and earlier of the Oak middleware framework, a vulnerability exists that can be exploited to significantly degrade server performance. This occurs when specially crafted values are sent through the x-forwarded-proto or x-forwarded-for headers, leading to a denial of service condition on the server. The affected environments include Deno's native HTTP server, Deno Deploy, Node.js starting from version 16.5, Cloudflare Workers, and Bun. It is crucial for users to upgrade to the latest version to mitigate this risk.