


Perceptive Security
SOC/SIEM Consultancy

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library func…
Published: 5 April 2026 at 22:00:00
Alert date: 6 April 2026 at 18:04:04
Source: nvd.nist.gov
Web Technologies, Supply Chain & Dependencies
A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows malicious websites to write arbitrary files to the filesystem. When scraping websites that return filenames containing ../ sequences, attackers can control both destination paths and file content. This can lead to remote code execution through cron jobs, SSH authorized_keys, shell profiles, or web shells. The vulnerability affects versions prior to 2.0.0-alpha.4 and has been fixed in that release.
Technical details
Affected products: Ferret
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-34783
https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917
https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j
This article was created with the assistance of AI technology by Perceptive.
