CVE-2026-53777
HIGH
8,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none
Description
AI Translation Available
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 4 Days)
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
https://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68ch
https://github.com/PerryTS/perry/commit/95e1043df8081f67038bffce847dd9ddb3dae046
https://github.com/PerryTS/perry/pull/4989
https://github.com/PerryTS/perry/releases/tag/v0.5.1159
https://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68ch
https://www.vulncheck.com/advisories/perry-path-traversal-via-artifactready-web…