Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attacker reaches the client over the network via a hub the user chose to connect to (AV:N, UI:R), no auth on the client side (PR:N); arbitrary file write/read gives high C and I, but no availability impact in the patch evidence.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.
AnalysisAI
Path traversal in Perry (PerryTS) CLI versions before 0.5.1159 allows a malicious or compromised build server to write arbitrary files anywhere the Perry process can write, or exfiltrate arbitrary local files, by sending crafted artifact_name or download_path values in ArtifactReady WebSocket messages. No public exploit identified at time of analysis, but the upstream commit and tests confirm the issue and a patched release is available.
Technical ContextAI
Perry is a Rust-based publish/distribution CLI (PerryTS/perry) that connects to a remote build hub over WebSockets and downloads artifacts described by ArtifactReady messages. The pre-fix code in crates/perry/src/commands/publish/mod.rs joined the server-supplied artifact_name directly onto the output directory via args.output.join(&name), and honored a server-supplied download_path as a local filesystem source whenever present - both classic CWE-22 patterns where untrusted input crosses a trust boundary into a filesystem API. The fix introduces sanitize_artifact_name (rejecting empty, '.', '..', any path separator, drive prefixes, or anything whose file_name does not round-trip to the original) and a server_is_local check that refuses to treat download_path as a local copy unless the hub URL resolves to localhost/127.0.0.1/::1.
RemediationAI
Upgrade to Perry 0.5.1159 or later (https://github.com/PerryTS/perry/releases/tag/v0.5.1159), which lands the sanitize_artifact_name and server_is_local checks from commit 95e1043df8081f67038bffce847dd9ddb3dae046 (PR #4989) - this is the primary fix. Until upgraded, restrict Perry to only connect to trusted hub URLs you control (pin server_url to your own hub and block egress to arbitrary hosts from CI runners), and run Perry as a low-privilege user with a tightly scoped output directory so that even a successful traversal cannot reach SSH keys, shell rc files, or cron drop-in directories; the trade-off is that developers can no longer point Perry at ad-hoc third-party hubs. Refer to the VulnCheck advisory at https://www.vulncheck.com/advisories/perry-path-traversal-via-artifactready-websocket and GHSA-x55v-q459-68ch for additional vendor guidance.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36253