80 matches found
CVE-2026-34783
Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...
CVE-2026-34783 Ferret has a Path Traversal in IO::FS::WRITE that allows arbitrary file write when scraping malicious websites
Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...
CVE-2026-34783
CVE-2026-34783 is a path traversal in Ferret’s IO::FS::WRITE (and related IO::FS::READ) that lets an attacker cause arbitrary file writes during web scraping by supplying filenames containing ".." sequences. A malicious website can manipulate output paths so the attacker controls destination and ...
Ferret Security Vulnerability
Ferret is an open-source declarative system developed by MontFerret for web data extraction and querying. Versions of Ferret prior to 2.0.0-alpha.4 contained security vulnerabilities. These vulnerabilities stemmed from path traversal issues in the IO::FS::WRITE standard library function, which...
GHSA-J6V5-G24H-VG4J Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites
Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...
Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites
Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...
PT-2026-29811
Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
Researchers have discovered a new attack targeting Mac users. It lures them to a fake job website, then tricks them into downloading malware via a bogus software update. The attackers pose as recruiters and contact people via LinkedIn, encouraging them to apply for a role. As part of the...
EUVD-2025-117131
Malicious code in regional-sapphire-ferret npm...
EUVD-2025-117282
Malicious code in juicy-silver-ferret npm...
Malicious code in regional-sapphire-ferret (npm)
Source: amazon-inspector 1274efa3a397d7d3d8049f187d3e3cf35df504c0cfa4c675dc6e3c84b086d7be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-116997
Malicious code in voiceless-gold-ferret npm...
EUVD-2025-97961
Malicious code in internationalferretz3n npm...
EUVD-2025-102663
Malicious code in responsibleferretz3n npm...
Malicious code in exotic_ferret_z3n (npm)
Source: amazon-inspector 9a8d1fd33d9a34f95f3552074c5252ce4c1d0046d61d0ef96860dca7b6a28719 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102740
Malicious code in qualifiedferretz3n npm...
Malicious code in vicarious_ferret_z3n (npm)
Source: amazon-inspector 2679ea64ab9783ece4edb1ea9c13a86fcc004987bb80f849e5bd35f87ec114a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-94917
Malicious code in stingyferretz3n npm...
EUVD-2025-96848
Malicious code in lightferretz3n npm...