VYPR

rpm package

opensuse/gleam&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gleam&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2026-43965MedJun 2, 2026
    affected < 1.17.0-1.1fixed 1.17.0-1.1

    Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are passed without validation to paths.build

  • CVE-2026-42795MedJun 2, 2026
    affected < 1.17.0-1.1fixed 1.17.0-1.1

    Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers (gleam_files, native_files, private_files) in compiler-cli/src/fs.rs use follow_links(true) when walki

  • CVE-2026-32685MedJun 2, 2026
    affected < 1.17.0-1.1fixed 1.17.0-1.1

    Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient