CVE-2025-55152: Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers
With a specially crafted value of the x-forwarded-proto or x-forwarded-for header, it is possible to significantly slow down an oak server.
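The description above is the whole of what this record says about the flaw: untrusted proxy headers were handed to a pattern that backtracks, so a long crafted value costs far more than linear time. The block below is an added example, not oak's code and not its fix; it shows the generic defensive pattern for such headers, a hard length cap applied before any parsing and linear-time string operations (indexOf, split, trim) instead of a regular expression. The cap value and the function names are assumptions for illustration.

```typescript
// Added example (not oak's code): linear-time parsing of proxy headers
// with an upfront size limit, as a generic ReDoS mitigation.

// Assumed cap for illustration; choose one that fits your own proxy chain.
const MAX_HEADER_LENGTH = 1024;

// Return the first hop of a comma-separated forwarded header, or null when
// the header is absent, empty, or larger than the cap. Every step here is
// linear in the input length; no regular expression is involved.
function firstForwardedValue(raw: string | null | undefined): string | null {
  if (raw == null) return null;
  if (raw.length > MAX_HEADER_LENGTH) return null; // reject before parsing
  const comma = raw.indexOf(",");
  const first = comma === -1 ? raw : raw.slice(0, comma);
  const trimmed = first.trim();
  return trimmed.length > 0 ? trimmed : null;
}

// Derive the scheme from x-forwarded-proto; anything other than an exact
// "https" first hop falls back to "http".
function forwardedProto(raw: string | null | undefined): "http" | "https" {
  const v = firstForwardedValue(raw);
  return v !== null && v.toLowerCase() === "https" ? "https" : "http";
}

// Split x-forwarded-for into its hops, dropping empty entries. An oversized
// header yields an empty list rather than being parsed at all.
function forwardedIps(raw: string | null | undefined): string[] {
  if (raw == null || raw.length > MAX_HEADER_LENGTH) return [];
  return raw
    .split(",")
    .map((hop) => hop.trim())
    .filter((hop) => hop.length > 0);
}

// Constructed sample values for a quick stand-alone run.
const sampleProto = "https, http";
const sampleFor = " 203.0.113.5 , 198.51.100.7";
console.log(forwardedProto(sampleProto), forwardedIps(sampleFor));
```

Rejecting on length first matters as much as the linear parsing: the cost of the function is then bounded by a constant the operator controls, whatever the client sends.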
References
- github.com/advisories/GHSA-r3v7-pc4g-7xp9
- github.com/oakserver/oak
- github.com/oakserver/oak/blob/v17.1.5/request.ts
- github.com/oakserver/oak/commit/b60e60330ef227707c4dc13ef0ea36192d894f44
- github.com/oakserver/oak/security/advisories/GHSA-r3v7-pc4g-7xp9
- nvd.nist.gov/vuln/detail/CVE-2025-55152
Detect and mitigate CVE-2025-55152 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.