Skip to main content

Wisp

2 CVEs product

Monthly

CVE-2026-32145 HIGH PATCH GHSA This Week

Denial of service in gleam-wisp wisp 0.2.0 through 2.2.1 allows unauthenticated remote attackers to exhaust server memory or disk by sending arbitrarily large multipart form submissions that bypass configured size limits. The multipart_body and multipart_headers parsing functions fail to properly decrement resource quotas for chunks lacking multipart boundaries, enabling attackers to accumulate unbounded data in a single HTTP request. Patch available as of version 2.2.2.

Denial Of Service Wisp
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-28807 HIGH GHSA This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding.

Path Traversal Wisp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in gleam-wisp wisp 0.2.0 through 2.2.1 allows unauthenticated remote attackers to exhaust server memory or disk by sending arbitrarily large multipart form submissions that bypass configured size limits. The multipart_body and multipart_headers parsing functions fail to properly decrement resource quotas for chunks lacking multipart boundaries, enabling attackers to accumulate unbounded data in a single HTTP request. Patch available as of version 2.2.2.

Denial Of Service Wisp
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding.

Path Traversal Wisp
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy