Npm/@Oakserver/Oak | GitLab Advisory Database

Path traversal in oak allows transfer of hidden files within the served root directory

By default oak does not allow transferring of hidden files with Context.send API. However, this can be bypassed by encoding / as its URL encoded form %2F.

Advisories for Npm/@Oakserver/Oak package