Louis Pilfold

**Name of the Vulnerable Software and Affected Versions** Gleam versions 1.16.0 through 1.17.0 **Description** A path traversal issue exists in the handling of custom documentation pages. The `documentation.pages` entries within the `gleam.toml` file are incorporated into filesystem paths without sufficient validation. Specifically, the `documentation.pages[].path` field allows writing generated documentation files outside the intended `build/dev/docs/<package>/` directory, and the `documentation.pages[].source` field allows reading files from outside the project directory to embed them into the output. An attacker can exploit this by convincing a victim to run `gleam docs build` on an untrusted project or with malicious `gleam.toml` content, leading to arbitrary file read and write operations. **Recommendations** Update to a version later than 1.17.0. Avoid running `gleam docs build` on untrusted projects. Review `documentation.pages` entries in `gleam.toml` before generating documentation. Run documentation generation in a restricted or isolated environment, such as containers.

**Name of the Vulnerable Software and Affected Versions** Gleam versions 0.10.0-rc1 through 1.17.0 **Description** A symlink following issue in the Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers `gleam files`, `native files`, and `private files` in compiler-cli/src/fs.rs use `follow links(true)` when walking publishable directories such as src/ and priv/. These paths are then added to the package archive via `add path to tar` in compiler-cli/src/publish.rs without verifying that the resolved target remains within the project root. An attacker with write access to the project repository can place a symlink in src/ or priv/ pointing to arbitrary files. When a maintainer or CI pipeline executes the commands "gleam publish" or "gleam export hex-tarball", local files readable by the publisher, such as secrets, tokens, or SSH keys, are silently embedded into the published package artifact. **Recommendations** Update Gleam to a version later than 1.17.0. Avoid running "gleam publish" or "gleam export hex-tarball" on untrusted projects. Review the contents of src/ and priv/ for unexpected symlinks before publishing. Run publishing commands in a restricted or isolated environment, such as containers.

**Name of the Vulnerable Software and Affected Versions** Gleam versions 0.18.0-rc1 through 1.17.0 **Description** A path traversal issue in the dependency management system allows for the recursive deletion of arbitrary directories. This occurs because package keys read from the `build/packages/packages.toml` file by the `LocalPackages::read from disc` function are passed without validation to `paths.build packages package()`. This process constructs a filesystem path by joining the project build directory with an attacker-controlled key, which is then passed to `fs::delete directory` (which calls `remove dir all`). Since the system does not verify if the path remains within the intended `build/packages/` directory, both absolute paths and relative traversal sequences (such as `../`) can be used to target and delete any directory on the victim's system when the `gleam deps download` command is executed on a project containing a malicious configuration file. **Recommendations** Update Gleam to a version later than 1.17.0.

Name of the Vulnerable Software and Affected Versions Gleam versions 1.9.0-rc1 through 1.15.3 and 1.16.0-rc1 Description An improper path validation issue exists in the Gleam compiler when handling git dependencies during the dependency download process. Dependency names from `gleam.toml` and `manifest.toml` are used to construct filesystem paths without sufficient validation, allowing attacker-controlled paths (using relative traversal like '../' or absolute paths) to target locations outside the intended dependency directory. This can lead to arbitrary file system modification, including directory deletion and creation, when resolving git dependencies with `gleam deps download`. A malicious git dependency can overwrite arbitrary directories, potentially causing data loss or, in some environments, achieving code execution by overwriting files like git hooks or shell configuration files. Recommendations Avoid using untrusted git dependencies, especially without pinning to a specific commit SHA. Review dependency trees carefully, including transitive git dependencies. Run dependency resolution commands in a restricted or isolated environment (e.g., containers).

**Name of the Vulnerable Software and Affected Versions** gleam-wisp wisp versions 0.2.0 through 2.2.1 **Description** gleam-wisp wisp contains a flaw in multipart form body parsing that can lead to a denial of service. The `multipart body` function does not enforce configured limits on body and file sizes. Specifically, when a multipart boundary is missing in a chunk, the parser appends the chunk without updating the quota, leading to an unauthenticated attacker being able to exhaust server resources by sending large multipart form submissions. **Recommendations** Upgrade to a version later than 2.2.1.

**Name of the Vulnerable Software and Affected Versions** gleam-wisp wisp versions 2.1.1 through 2.2.0 **Description** A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The `wisp.serve static` function is susceptible because sanitization occurs before percent-decoding. The encoded sequence `%2e%2e` bypasses string replacement and is then converted to `..` by `uri.percent decode`, enabling directory traversal when the file is read. An unauthenticated attacker can read any file accessible to the application process with a single HTTP request, potentially including source code, configuration files, secrets, and system files. **Recommendations** Update gleam-wisp wisp to version 2.2.1 or later.