{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34783", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:54:55.556Z", "datePublished": "2026-04-06T16:04:24.959Z", "dateUpdated": "2026-04-06T16:04:24.959Z"}, "containers": {"cna": {"title": "Ferret has a Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j"}, {"name": "https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917", "tags": ["x_refsource_MISC"], "url": "https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917"}], "affected": [{"vendor": "MontFerret", "product": "ferret", "versions": [{"version": "< 2.0.0-alpha.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T16:04:24.959Z"}, "descriptions": [{"lang": "en", "value": "Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path and the file content. This can lead to remote code execution via cron jobs, SSH authorized_keys, shell profiles, or web shells. This vulnerability is fixed in 2.0.0-alpha.4."}], "source": {"advisory": "GHSA-j6v5-g24h-vg4j", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path and the file content. This can lead to remote code execution via cron jobs, SSH authorized_keys, shell profiles, or web shells. This vulnerability is fixed in 2.0.0-alpha.4."}], "id": "CVE-2026-34783", "lastModified": "2026-04-06T17:17:10.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T17:17:10.430", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917"}, {"source": "security-advisories@github.com", "url": "https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.0-alpha.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ferret", "source": "cna", "vendor": "MontFerret"}, "product": "ferret", "vendor": "montferret"}], "analysis": {"en": {"generated_at": "2026-04-06T19:38:14.641000+00:00", "value": {"mitigation_remediation": ["Upgrade Ferret to version 2.0.0\u2011alpha.4 or later.", "Restrict Ferret\u2019s write operations to a safe directory or disable IO::FS::WRITE during scraping.", "Verify that the host filesystem permissions are restrictive and monitor for unauthorized file creations.", "Use trusted source lists and avoid scraping untrusted sites.", "If upgrading is not possible, consider using a container or sandbox to run Ferret with limited filesystem access."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the MontFerret Ferret data\u2011scraping product. Any installation of Ferret older than version 2.0.0\u2011alpha.4 is susceptible. The fix is present in release 2.0.0\u2011alpha.4 and later.", "description_and_impact": "Ferret, a declarative web data platform, has a path\u2011traversal flaw in its IO::FS::WRITE library function. Prior to 2.0.0\u2011alpha.4, an operator scraping a site that supplies filenames containing '../' sequences can cause Ferret to write arbitrary files to any location on the host. The attacker controls both the destination path and the file contents. Writing files to sensitive locations such as cronjobs, SSH authorized_keys, shell profiles, or webapp directories can elevate the attacker to code execution on the host. This vulnerability is a classic file\u2011write attack (CWE\u201122, CWE\u201173) that directly enables remote code execution.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high baseline risk, and the lack of optional EPSS data suggests that the flaw could be overlooked until a writer uses a malicious site. The exploit requires an operator to process a page that supplies crafted filenames, which is a realistic scenario for automated scraping tasks. An attacker who succeeds can write files arbitrarily, leading to remote code execution or credential hijacking. Because the flaw is not listed in the CISA KEV catalog yet, it may be a newer discovery, but the potential impact and the nature of the flaw justify treating it as a high\u2011priority risk that should be mitigated before threat actors can take advantage."}}}}, "created": "2026-04-06T20:13:49.592105+00:00", "updated": "2026-04-06T21:31:44.829275+00:00", "vendors": ["montferret", "montferret$PRODUCT$ferret"]}