VYPR

Ewe

by Vshakitskiy

hex: ewe

Source repositories

CVEs (3)

  • CVE-2026-32873HigMar 20, 2026
    risk 0.42cvss 7.5epss 0.01

    ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers function where rejected trailer headers (forbidden or undeclared) cause an infinite loop. When handle_trailers encounters such a trailer, three code paths (lines 520, 523, 526) recurse…

  • CVE-2026-34715MedApr 2, 2026
    risk 0.27cvss 5.3epss 0.00

    ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF (\r\n) sequences. An application that passes…

  • CVE-2026-32881Mar 20, 2026
    risk 0.00cvss epss 0.00

    ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the…