Create CVE-2024-49770

[KoYejune0302]

Template / PR Information

• Added CVE-2024-49770

`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.

• References:
  https://nvd.nist.gov/vuln/detail/CVE-2024-49770

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[ertygiq]

@KoYejune0302 why 'temp' directory?

[KoYejune0302]

@ertygiq
This vulnerability occurs when using the Oak library, where if the hidden option is set to false, hidden files become visible when paths are crafted using "%2F".

This is the server.ts I used to test locally

// server.ts

import { Application } from "jsr:@oak/[email protected]";

const app = new Application();

app.use(async (context, next) => {
  try {
    await context.send({
      root: './root',
      hidden: false, // default
    });
  } catch {
    await next();
  }
});

await app.listen({ port: 8000 });

[GeorginaReeder]

Thanks for your contribution @KoYejune0302 ! :)