Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers
With a specially crafted value of the `x-forwarded-proto` or `x-forwarded-for` header, a client can significantly slow down an oak server (a regular-expression denial of service, ReDoS).
By default, oak does not allow transferring hidden files with the `Context.send` API. However, this check can be bypassed by encoding `/` as its URL-encoded form, `%2F`.
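The hidden-file bypass above comes down to where the decoding happens. The following is an added illustration, not oak's own code: a naive check that inspects the raw request path (and therefore never sees the `/` hidden inside `%2F`) next to a hardened check that decodes once before looking at path segments. The function names, the treatment of every dot-prefixed segment as hidden, and the decision to reject any path that still contains `%` after one decode are assumptions made for this example.

```typescript
// Added example (not oak's code): naive vs. hardened hidden-file check.

// Naive check: splits the *raw* request path on "/". The path
// "/public%2F.env" becomes the single segment "public%2F.env", which does not
// start with ".", so the hidden file slips through.
function naiveIsHidden(rawPath: string): boolean {
  return rawPath.split("/").some((seg) => seg.startsWith("."));
}

// Hardened check: decode percent-encoding exactly once, then examine every
// path segment. Assumptions for this example:
//   - any segment starting with "." is hidden (this also covers "..");
//   - a path that still contains "%" after one decode (e.g. double-encoded
//     "%252F") is rejected, since the application serves no such names;
//   - malformed encoding is rejected rather than silently tolerated.
function isHiddenPath(rawPath: string): boolean {
  let decoded: string;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (_err) {
    return true; // malformed percent-encoding: refuse to serve
  }
  if (decoded.includes("%")) {
    return true; // residual "%" means a second encoding layer: refuse
  }
  // Split on both separators so a backslash cannot act as an alternate "/".
  const segments = decoded.split(/[\\/]+/);
  return segments.some((seg) => seg.startsWith("."));
}

// Decision helper a static-file handler could call before sending a file.
function sendDecision(rawPath: string): "allow" | "deny" {
  return isHiddenPath(rawPath) ? "deny" : "allow";
}
```

Run against constructed paths, `naiveIsHidden("/public%2F.env")` reports `false` while `isHiddenPath` reports `true`; ordinary files such as `/public/index.html` are still allowed.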