VYPR

Go modules package

github.com/charmbracelet/wish

pkg:golang/github.com/charmbracelet/wish

Vulnerabilities (1)

  • CVE-2026-41589CriMay 7, 2026
    affected <= 1.4.7

    Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary file