Web-Framework

The Salvo web framework before version 0.89.3 is vulnerable to denial of service due to unbounded memory allocation when parsing form data, enabling attackers to crash services by sending large payloads.

Salvo web framework versions 0.39.0 through 0.89.2 are vulnerable to Path Traversal and Access Control Bypass, allowing unauthenticated external attackers to bypass proxy routing constraints and access unintended backend paths.