This vulnerability allows unauthenticated attackers to bypass the configured size limits for multipart form body parsing in gleam-wisp wisp. The size quota is applied only to the final chunk of a multipart request, so attackers can send arbitrarily large payloads that exhaust server memory or disk storage. The result is a denial of service condition for the affected server.
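A simplified model of the quota accounting described above, added here as an illustration: it is written in Python and is not wisp's own code. The function names, chunk sizes and limit are assumptions constructed for the example.

```python
class QuotaExceeded(Exception):
    """Raised when a body goes over the configured size limit."""


def read_flawed(chunks, limit):
    """Model of the flaw: only the final chunk is charged against the quota."""
    chunks = list(chunks)
    buffered = bytearray()
    for index, chunk in enumerate(chunks):
        is_final = index == len(chunks) - 1
        if is_final and len(chunk) > limit:
            raise QuotaExceeded("final chunk over limit")
        buffered += chunk  # earlier chunks are buffered without being charged
    return bytes(buffered)


def read_fixed(chunks, limit):
    """Charge every chunk against a running quota and stop before buffering."""
    remaining = limit
    buffered = bytearray()
    for chunk in chunks:
        remaining -= len(chunk)
        if remaining < 0:
            raise QuotaExceeded("body over limit")
        buffered += chunk
    return bytes(buffered)


def outcome(reader, chunks, limit):
    """Return the number of bytes buffered, or 'rejected' if the quota fired."""
    try:
        return len(reader(chunks, limit))
    except QuotaExceeded:
        return "rejected"


# Constructed sample: eight 512-byte chunks against a 1024-byte limit.
SAMPLE = [b"A" * 512] * 8
LIMIT = 1024

if __name__ == "__main__":
    print("final-chunk-only quota:", outcome(read_flawed, SAMPLE, LIMIT))
    print("cumulative quota:      ", outcome(read_fixed, SAMPLE, LIMIT))
```

A regression test for the fix should assert that a body made of many small chunks is rejected once the running total passes the limit, not only that a single oversized chunk is rejected.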
Remediation
Upgrade gleam-wisp wisp to version 2.2.2 or later to patch this vulnerability. If an immediate upgrade is not possible, implement global maximum request size limits at your web server or edge network. Monitor server resource usage for unexpected spikes that may indicate active exploitation attempts.