9 matches found
CVE-2026-33242
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...
CVE-2026-33242
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...
salvo 安全漏洞
Salvo is a web framework developed by Salvo OpenSource. Versions of Salvo from 0.39.0 to 0.89.2 have security vulnerabilities. These vulnerabilities stem from the encodeurlpath function in the salvo-proxy component, which fails to normalize the "../sequence", potentially allowing for path travers...
CVE-2026-33242
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...
CVE-2026-33242
The GitHub advisory GHSA-F842-PHM9-P4V4 describes a path traversal in the salvo-proxy component of the Salvo Rust framework (v0.89.2). The root cause is encode_url_path failing to normalize path segments (not re-encoding '.' and not handling '..' safely), allowing an unauthenticated attacker to p...
CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...
Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...
GHSA-F842-PHM9-P4V4 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...
PT-2026-26303
Name of the Vulnerable Software and Affected Versions Salvo versions 0.39.0 through 0.89.2 Description Salvo, a Rust web framework, contains a Path Traversal and Access Control Bypass issue within its salvo-proxy component. An unauthenticated attacker can bypass proxy routing constraints and acce...