Medium severity 5.3 · OSV Advisory · Published Aug 9, 2025 · Updated Apr 15, 2026
CVE-2025-55152
Description
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @oakserver/oak (npm) | <= 14.1.0 | — |
References
- github.com/advisories/GHSA-r3v7-pc4g-7xp9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55152 (ghsa, ADVISORY)
- github.com/oakserver/oak/blob/v17.1.5/request.ts (ghsa, WEB)
- github.com/oakserver/oak/commit/b60e60330ef227707c4dc13ef0ea36192d894f44 (nvd, WEB)
- github.com/oakserver/oak/security/advisories/GHSA-r3v7-pc4g-7xp9 (nvd, WEB)