Lucene search

80 matches found

EUVD | added 2026/04/11 12:59 p.m. | 5 views

EUVD-2026-21680

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

CVSS 6.2 | AI score 5.9 | EPSS 0.00239
Exploits 1 | References 5
ATTACKERKB | added 2026/04/11 12:59 p.m. | 3 views

CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

CVSS 8.3 | AI score 5.9 | EPSS 0.00239
Exploits 1 | References 7
AlpineLinux | added 2026/04/11 12:59 p.m. | 7 views

CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

CVSS 8.3 | AI score 6 | EPSS 0.00239
Exploits 1 | References 6
Cvelist | added 2026/04/11 12:59 p.m. | 30 views

CVE-2026-32146 Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

CVSS 8.3 | EPSS 0.00239
Exploits 1 | References 5
OSV | added 2026/04/11 12:59 p.m. | 5 views

EEF-CVE-2026-32146 Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Summary: Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or...

CVSS 8.3 | AI score 6 | EPSS 0.00239
Exploits 1 | References 4
CVE | added 2026/04/11 12:59 p.m. | 13 views

CVE-2026-32146

CVE-2026-32146 is an improper path validation flaw in the Gleam compiler's handling of git dependencies during dependency download. Attacker-controlled paths (via relative traversal like ../ or absolute paths) can target filesystem locations outside the intended dependency directory, enabling del...

CVSS 8.6 | AI score 5.9 | EPSS 0.00239
Exploits 1 | References 8 | Affected software 1
CNNVD | added 2026/04/11 12:00 a.m. | 6 views

Gleam security vulnerability

Gleam is an open-source, type-safe, extensible language for building systems, developed by the Gleam project. Gleam versions from 1.9.0-rc1 up to and including 1.16.0-rc1 contain a security vulnerability caused by improper path validation when handling git dependencies. This vulnerability could lead to arbitra...

CVSS 8.3 | AI score 5.9 | EPSS 0.00239
Exploits 1 | References 6
Positive Technologies | added 2026/04/11 12:00 a.m. | 3 views

PT-2026-32098

Name of the Vulnerable Software and Affected Versions: Gleam versions 1.9.0-rc1 through 1.15.3 and 1.16.0-rc1. Description: An improper path validation issue exists in the Gleam compiler when handling git dependencies during the dependency download process. Dependency names from gleam.toml and...

CVSS 8.3 | AI score 6.3 | EPSS 0.00239
Exploits 1 | References 11
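The CVE-2026-32146 entries above (EUVD-2026-21680, PT-2026-32098 and the CVE/OSV/AlpineLinux/Cvelist/CNNVD records) all describe one defect: a dependency name taken from gleam.toml or manifest.toml is joined into a filesystem path as-is, so a name carrying ../ segments or an absolute path lands outside the build directory. The block below is an added example written for this page, not code from the Gleam compiler; it is in Rust because that is the compiler's implementation language. The name rules (lowercase ASCII letters, digits and underscore), the packages/ directory layout, the function names and the sample names are assumptions made for the illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Reasons a dependency name is rejected before it is joined into a path.
#[derive(Debug, PartialEq)]
pub enum NameError {
    Empty,
    Traversal,
    BadChar(char),
    Escaped,
}

/// Hypothetical allowlist for package names: lowercase ASCII letters, digits
/// and underscores only (an assumption for this example; check the manifest
/// rules of the tool you are hardening). A slash, a dot or a NUL can never
/// reach the filesystem through this check.
pub fn validate_dependency_name(name: &str) -> Result<(), NameError> {
    if name.is_empty() {
        return Err(NameError::Empty);
    }
    if name == "." || name == ".." {
        return Err(NameError::Traversal);
    }
    if let Some(c) = name
        .chars()
        .find(|c| !(c.is_ascii_lowercase() || c.is_ascii_digit() || *c == '_'))
    {
        return Err(NameError::BadChar(c));
    }
    Ok(())
}

/// The vulnerable shape: the manifest-supplied name goes straight into the
/// path. `Path::join` keeps `..` components, and on Unix an absolute argument
/// replaces the base entirely, so "../../.ssh" or "/etc" walk out of the
/// build directory.
pub fn unchecked_dependency_dir(build_dir: &Path, name: &str) -> PathBuf {
    build_dir.join("packages").join(name)
}

/// Hardened shape: validate the name, then independently confirm that the
/// result is exactly one normal component below the packages directory.
pub fn confined_dependency_dir(build_dir: &Path, name: &str) -> Result<PathBuf, NameError> {
    validate_dependency_name(name)?;
    let packages = build_dir.join("packages");
    let target = packages.join(name);
    let rel = target
        .strip_prefix(&packages)
        .map_err(|_| NameError::Escaped)?;
    let mut comps = rel.components();
    let one_normal =
        matches!(comps.next(), Some(Component::Normal(_))) && comps.next().is_none();
    if one_normal {
        Ok(target)
    } else {
        Err(NameError::Escaped)
    }
}

fn main() {
    // Sample names constructed for the demonstration.
    let build = Path::new("/tmp/build");
    for name in ["gleam_stdlib", "../../.ssh", "/etc", ".."] {
        println!(
            "{:>12}: unchecked -> {} | confined -> {:?}",
            name,
            unchecked_dependency_dir(build, name).display(),
            confined_dependency_dir(build, name)
        );
    }
}
```

The second check in confined_dependency_dir is deliberately redundant with the name validation: if the allowlist is later relaxed (say, to permit dots in names), the lexical confinement still refuses anything that is not a single child of packages/. Neither check resolves symlinks, so a real build tool should additionally refuse to follow a pre-existing symlink at the target before writing into it.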
RedhatCVE | added 2026/04/03 10:58 a.m. | 5 views

CVE-2026-32145

Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses configured max_body_size and max_files_size limits. When a multipart boundary is not present in a chunk, the parser tak...

CVSS 8.7 | AI score 5.9 | EPSS 0.00622
Exploits 0 | References 1
EUVD | added 2026/04/03 3:40 a.m. | 4 views

EUVD-2026-18186

wisp has Allocation of Resources Without Limits or Throttling...

CVSS 8.7 | AI score 5.9 | EPSS 0.00622
Exploits 0 | References 3
ATTACKERKB | added 2026/04/02 5:57 p.m. | 3 views

CVE-2026-34715

ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits 1 | References 4 | Affected software 1
NVD | added 2026/04/02 11:16 a.m. | 7 views

CVE-2026-32145

Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses configured max_body_size and max_files_size limits. When a multipart boundary is not present in a chunk, the parser tak...

CVSS 8.7 | EPSS 0.00622
Exploits 0 | References 4
ATTACKERKB | added 2026/04/02 10:30 a.m. | 2 views

CVE-2026-32145

Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses configured max_body_size and max_files_size limits. When a multipart boundary is not present in a chunk, the parser tak...

CVSS 8.7 | AI score 5.9 | EPSS 0.00622
Exploits 0 | References 3 | Affected software 1
CNNVD | added 2026/04/02 12:00 a.m. | 6 views

Wisp security vulnerability

Wisp is an open-source, practical Gleam web framework designed for rapid development and easy maintenance. Wisp versions 0.2.0 through 2.2.2 contain a security vulnerability stemming from a flaw in multipart form parsing that bypassed resource limits,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00622
Exploits 0 | References 3
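The CVE-2026-32145 / EUVD-2026-18186 entries above (RedhatCVE, EUVD, NVD, ATTACKERKB and CNNVD) share one description: wisp's multipart_body bypasses max_body_size and max_files_size, and the description is cut off just as it explains the case where a chunk does not contain the boundary. The block below is an added example, not wisp's code: it models the bug class with a deliberately simplified multipart reader (parts are separated only by the boundary string, part headers are omitted) and shows the fix of charging every byte read from the connection against the budget before the boundary search runs. The Limits struct, the function names and the sample chunks are assumptions constructed for the example.

```rust
/// Error raised once more bytes have been read than the configured limit.
#[derive(Debug, PartialEq)]
pub enum MultipartError {
    BodyTooLarge { read: usize, limit: usize },
}

/// The only limit this example needs; a real parser also tracks a per-file
/// limit (max_files_size in wisp's configuration).
pub struct Limits {
    pub max_body_size: usize,
}

/// Naive byte-string search (std has no memmem).
fn find(hay: &[u8], needle: &[u8]) -> Option<usize> {
    if needle.is_empty() || hay.len() < needle.len() {
        return None;
    }
    hay.windows(needle.len()).position(|w| w == needle)
}

/// Moves every boundary-terminated part out of `buf` into `parts`, leaving
/// any unterminated tail in `buf`.
fn take_parts(buf: &mut Vec<u8>, boundary: &[u8], parts: &mut Vec<Vec<u8>>) {
    while let Some(pos) = find(buf, boundary) {
        let part: Vec<u8> = buf.drain(..pos).collect();
        buf.drain(..boundary.len());
        parts.push(part);
    }
}

/// Vulnerable shape: the limit is only consulted when a part completes. A
/// body that never contains the boundary is buffered in full and the limit
/// is never applied. Returns the parts and the peak number of buffered bytes
/// so the effect is observable.
pub fn read_parts_unbounded(
    chunks: &[&[u8]],
    boundary: &[u8],
    limits: &Limits,
) -> Result<(Vec<Vec<u8>>, usize), MultipartError> {
    let mut buf: Vec<u8> = Vec::new();
    let mut parts: Vec<Vec<u8>> = Vec::new();
    let mut peak = 0usize;
    for chunk in chunks {
        buf.extend_from_slice(chunk);
        peak = peak.max(buf.len());
        let before = parts.len();
        take_parts(&mut buf, boundary, &mut parts);
        // Only completed parts are ever measured.
        for part in &parts[before..] {
            if part.len() > limits.max_body_size {
                return Err(MultipartError::BodyTooLarge {
                    read: part.len(),
                    limit: limits.max_body_size,
                });
            }
        }
    }
    Ok((parts, peak))
}

/// Hardened shape: count every byte taken from the connection and fail the
/// moment the budget is exceeded, before searching for the boundary.
pub fn read_parts_bounded(
    chunks: &[&[u8]],
    boundary: &[u8],
    limits: &Limits,
) -> Result<Vec<Vec<u8>>, MultipartError> {
    let mut buf: Vec<u8> = Vec::new();
    let mut parts: Vec<Vec<u8>> = Vec::new();
    let mut read = 0usize;
    for chunk in chunks {
        read += chunk.len();
        if read > limits.max_body_size {
            return Err(MultipartError::BodyTooLarge {
                read,
                limit: limits.max_body_size,
            });
        }
        buf.extend_from_slice(chunk);
        take_parts(&mut buf, boundary, &mut parts);
    }
    Ok(parts)
}
```

The important property of read_parts_bounded is that the counter is advanced on input, not on output: a client that withholds the boundary, or sends a boundary-free stream at full speed, is cut off at max_body_size plus one chunk regardless of what the parser has managed to delimit.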
OSV | added 2026/04/01 10:18 p.m. | 3 views

GHSA-X2W3-23JR-HRPF ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

Summary: The encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into response headers (e.g., setting a Location redire...

CVSS 5.3 | AI score 6 | EPSS 0.00327
Exploits 1 | References 5
Positive Technologies | added 2026/04/01 12:00 a.m. | 7 views

PT-2026-29666

Name of the Vulnerable Software and Affected Versions: Ewe versions prior to 3.0.6. Description: The encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. This allows an...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits 1 | References 8
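The CVE-2026-34715 / GHSA-X2W3-23JR-HRPF / PT-2026-29666 entries above describe ewe's encode_headers writing header names and values into the raw response bytes without rejecting CR or LF, so a user-controlled value (the entries use a Location redirect as the example) can terminate the header line and smuggle further headers. The block below is an added example and not ewe's code; it is written in Rust rather than Gleam so it can be run here. It shows the interpolating encoder beside a version that validates names against RFC 9110 token characters and values against field-content bytes before any byte is emitted. The function names and the sample Location value are assumptions constructed for the example.

```rust
/// Why a header was refused.
#[derive(Debug, PartialEq)]
pub enum HeaderError {
    EmptyName,
    BadNameChar(char),
    BadValueByte(u8),
}

/// The vulnerable shape: names and values are interpolated into the wire
/// bytes as-is. A value containing "\r\n" ends the current line, and the
/// client parses whatever follows as another header.
pub fn encode_headers_raw(headers: &[(String, String)]) -> Vec<u8> {
    let mut out = Vec::new();
    for (name, value) in headers {
        out.extend_from_slice(format!("{}: {}\r\n", name, value).as_bytes());
    }
    out.extend_from_slice(b"\r\n");
    out
}

/// RFC 9110 tchar: the characters permitted in a field name.
fn is_token_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || "!#$%&'*+-.^_`|~".contains(c)
}

/// RFC 9110 field-content: visible ASCII, space, tab and obs-text
/// (0x80..=0xFF). CR, LF, NUL and every other control byte are refused.
fn is_value_byte(b: u8) -> bool {
    b == b'\t' || (b >= 0x20 && b != 0x7f)
}

/// Validates one header; the first offending character or byte is reported
/// so the caller can log exactly what was injected.
pub fn validate_header(name: &str, value: &str) -> Result<(), HeaderError> {
    if name.is_empty() {
        return Err(HeaderError::EmptyName);
    }
    if let Some(c) = name.chars().find(|c| !is_token_char(*c)) {
        return Err(HeaderError::BadNameChar(c));
    }
    if let Some(b) = value.bytes().find(|b| !is_value_byte(*b)) {
        return Err(HeaderError::BadValueByte(b));
    }
    Ok(())
}

/// Hardened shape: every header is validated before any byte is emitted, so
/// a bad value fails the whole response instead of producing a split one.
pub fn encode_headers_safe(headers: &[(String, String)]) -> Result<Vec<u8>, HeaderError> {
    for (name, value) in headers {
        validate_header(name, value)?;
    }
    Ok(encode_headers_raw(headers))
}
```

Rejecting, rather than stripping, is the safer default: silently deleting the CR and LF bytes would still send the attacker's text on the original header line, and an application that redirects to a caller-supplied URL generally wants to know the URL was malformed.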
RedhatCVE | added 2026/03/26 3:10 p.m. | 5 views

CVE-2026-32881

ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

CVSS 5.3 | AI score 5.8 | EPSS 0.00386
Exploits 1 | References 1
RedhatCVE | added 2026/03/26 2:59 p.m. | 3 views

CVE-2026-28807

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

CVSS 8.7 | AI score 7.4 | EPSS 0.01056
Exploits 1 | References 1
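The CVE-2026-28807 entry above states the ordering bug precisely: wisp.serve_static sanitizes the request path and only then percent-decodes it, so %2e%2e/ contains no ".." when it is inspected and becomes ../ immediately afterwards. The block below is an added example and not wisp's code; it is in Rust so it can be run here. It shows a check-then-decode resolver beside one that decodes first, rejects each segment individually, and confirms the result still lies under the root. The root /srv/static, the function names and the sample request paths are assumptions constructed for the example.

```rust
use std::path::{Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum StaticError {
    BadEncoding,
    BadSegment,
    Traversal,
}

/// Single-pass percent decoder. A '%' that is not followed by two hex digits
/// is an error rather than being passed through.
pub fn percent_decode(s: &str) -> Option<Vec<u8>> {
    let b = s.as_bytes();
    let mut out = Vec::with_capacity(b.len());
    let mut i = 0;
    while i < b.len() {
        if b[i] == b'%' {
            if i + 2 >= b.len() || !b[i + 1].is_ascii_hexdigit() || !b[i + 2].is_ascii_hexdigit() {
                return None;
            }
            let hex = std::str::from_utf8(&b[i + 1..i + 3]).ok()?;
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(b[i]);
            i += 1;
        }
    }
    Some(out)
}

/// Vulnerable shape: the traversal check inspects the still-encoded string
/// and decoding happens afterwards, so "%2e%2e" passes and then turns into "..".
pub fn resolve_static_vulnerable(root: &Path, raw_path: &str) -> Result<PathBuf, StaticError> {
    if raw_path.split('/').any(|seg| seg == "..") {
        return Err(StaticError::Traversal);
    }
    let decoded = percent_decode(raw_path).ok_or(StaticError::BadEncoding)?;
    let decoded = String::from_utf8(decoded).map_err(|_| StaticError::BadEncoding)?;
    Ok(root.join(decoded.trim_start_matches('/')))
}

/// Hardened shape: decode first, then examine every segment of the decoded
/// path, build the target one ordinary segment at a time, and finally check
/// that the result still sits under the root.
pub fn resolve_static(root: &Path, raw_path: &str) -> Result<PathBuf, StaticError> {
    let decoded = percent_decode(raw_path).ok_or(StaticError::BadEncoding)?;
    let decoded = String::from_utf8(decoded).map_err(|_| StaticError::BadEncoding)?;
    if decoded.bytes().any(|b| b == 0) {
        return Err(StaticError::BadSegment);
    }
    let mut target = root.to_path_buf();
    for seg in decoded.split('/') {
        match seg {
            "" | "." => continue,
            ".." => return Err(StaticError::Traversal),
            s if s.contains('\\') => return Err(StaticError::BadSegment),
            s => target.push(s),
        }
    }
    if !target.starts_with(root) {
        return Err(StaticError::Traversal);
    }
    Ok(target)
}
```

Two caveats a practitioner would want: decoding exactly once is deliberate (a double-encoded %252e stays as the literal "%2e" on disk, which is harmless), and the starts_with check is lexical only. A real static-file handler should also open the file and compare its canonicalized path against the canonicalized root, so a symlink planted under the document root cannot point outside it.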
ATTACKERKB | added 2026/03/20 1:18 a.m. | 1 view

CVE-2026-32881

ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

CVSS 5.3 | AI score 5.8 | EPSS 0.00386
Exploits 1 | References 5 | Affected software 1
OSV | added 2026/03/20 1:18 a.m. | 4 views

CVE-2026-32881 ewe has an Overly Permissive List of Allowed Inputs

ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

CVSS 5.3 | AI score 5.8 | EPSS 0.00386
Exploits 1 | References 6
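The three CVE-2026-32881 entries above (RedhatCVE, ATTACKERKB, OSV) describe ewe merging chunked-encoding trailer fields into req.headers after the body is parsed, filtered only by a denylist; any field not on that list, including a proxy-trust header, lands in the request's header set. The block below is an added example and not ewe's code; it is in Rust so it can be run here. It shows the denylist merge beside an allowlist merge that only accepts trailer names the application opted into, that the request announced in its Trailer header, and that do not already exist as headers. The five-entry denylist is a stand-in constructed for the example, not ewe's real list (the entries say it blocks nine fields and are cut off before naming them); the header samples are constructed as well.

```rust
pub type Headers = Vec<(String, String)>;

/// Deliberately short stand-in for a denylist (an assumption for this
/// example, not ewe's list). Whatever it holds, a field that is absent from
/// it is merged, which is the structural weakness of the approach.
const DENIED_TRAILERS: &[&str] = &[
    "transfer-encoding",
    "content-length",
    "host",
    "authorization",
    "cookie",
];

/// Vulnerable shape: everything except the denied names is appended to the
/// request headers once the body has been parsed.
pub fn merge_trailers_denylist(headers: &mut Headers, trailers: &[(String, String)]) {
    for (name, value) in trailers {
        if DENIED_TRAILERS.contains(&name.to_ascii_lowercase().as_str()) {
            continue;
        }
        headers.push((name.clone(), value.clone()));
    }
}

/// Hardened shape: a trailer field is merged only if (1) the application
/// opted into that name, (2) the request announced it in its Trailer header
/// and (3) no header of that name is already present, so a trailer can never
/// override a header that was already used for a decision. Returns the names
/// that were dropped, for logging.
pub fn merge_trailers_allowlist(
    headers: &mut Headers,
    trailers: &[(String, String)],
    allowed: &[&str],
) -> Vec<String> {
    let declared: Vec<String> = headers
        .iter()
        .filter(|(k, _)| k.eq_ignore_ascii_case("trailer"))
        .flat_map(|(_, v)| v.split(',').map(|s| s.trim().to_ascii_lowercase()))
        .collect();
    let mut dropped = Vec::new();
    for (name, value) in trailers {
        let lower = name.to_ascii_lowercase();
        let permitted = allowed.iter().any(|a| a.eq_ignore_ascii_case(name))
            && declared.contains(&lower)
            && !headers.iter().any(|(k, _)| k.eq_ignore_ascii_case(name));
        if permitted {
            headers.push((name.clone(), value.clone()));
        } else {
            dropped.push(name.clone());
        }
    }
    dropped
}

/// Case-insensitive lookup, as a handler would do before trusting a header.
pub fn header(headers: &Headers, name: &str) -> Option<String> {
    headers
        .iter()
        .find(|(k, _)| k.eq_ignore_ascii_case(name))
        .map(|(_, v)| v.clone())
}
```

Keeping merged trailers in a separate field of the request (req.trailers rather than req.headers) is the cleanest option of all, because then no middleware that reads headers can be reached by a trailer at any point. The allowlist above is the smaller change for a server whose API already exposes a single header list.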