Back to search
CVE-2026-33241
Published: Mar 23, 2026
Modified: Mar 25, 2026
PUBLISHED
Description
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely large payloads, leading to service crashes and denial of service. Version 0.89.3 contains a patch.
| Vendor | Product | Versions |
|---|---|---|
salvo-rs | salvo | affected < 0.89.3 |
Weaknesses (CWE)
References
https://github.com/salvo-rs/salvo/security/advisories/GHSA-pp9r-xg4c-8j4x
x_refsource_CONFIRM
https://github.com/salvo-rs/salvo/releases/tag/v0.89.3
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now