Logo
Retour à la veille

CVE-2026-53777

Publié : 11 juin 2026
Modifié : 11 juin 2026
Lien officiel NVD
Score CVSS
8.1
HIGH

Description détaillée

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Références et Patchs

https://github.com/PerryTS/perry/commit/95e1043df8081f67038bffce847dd9ddb3dae046https://github.com/PerryTS/perry/pull/4989https://github.com/PerryTS/perry/releases/tag/v0.5.1159https://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68chhttps://www.vulncheck.com/advisories/perry-path-traversal-via-artifactready-websockethttps://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68ch

Dernières Vulnérabilités

CVE-2026-53782

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values. Attackers can bypass protections through DNS rebinding and redirect-based techniques, as redirect targets are not revalidated and hostnames are not resolved before request dispatch, exposing internal service responses through the summarization flow.

VOIR DÉTAILS

CVE-2026-53781

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.

VOIR DÉTAILS

CVE-2026-49973

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter to the settings API endpoint without any network origin restriction. Attackers on any reachable network can send a POST request to the settings endpoint during the first-run setup window to persist an arbitrary password hash, obtain a valid session cookie, and lock out the legitimate operator from their own instance.

VOIR DÉTAILS