CVE-2024-49770

Vulnerability Description

`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.

Vulnerability Details

Published Date

November 01, 2024

Last Modified

November 01, 2024

Source

NVD

CVE-2024-49770

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment