Lookup for vulnerable packages by Package URL.

Purl pkg:golang/github.com/MontFerret/ferret/v2@2.0.0-alpha.4
Type golang
Namespace github.com/MontFerret/ferret
Name v2
Version 2.0.0-alpha.4
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8a9a-ky6k-ubgw
vulnerability_id VCID-8a9a-ky6k-ubgw
summary Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path and the file content. This can lead to remote code execution via cron jobs, SSH authorized_keys, shell profiles, or web shells. This vulnerability is fixed in 2.0.0-alpha.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34783
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42237
published_at 2026-06-11T12:55:00Z
1
value 0.00202
scoring_system epss
scoring_elements 0.42402
published_at 2026-06-12T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.46497
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34783
1
reference_url https://github.com/MontFerret/ferret
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/MontFerret/ferret
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34783
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34783
3
reference_url https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917
reference_id 160ebad6bd50f153453e120f6d909f5b83322917
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-07T14:12:17Z/
url https://github.com/MontFerret/ferret/commit/160ebad6bd50f153453e120f6d909f5b83322917
4
reference_url https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j
reference_id GHSA-j6v5-g24h-vg4j
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-07T14:12:17Z/
url https://github.com/MontFerret/ferret/security/advisories/GHSA-j6v5-g24h-vg4j
fixed_packages
0
url pkg:golang/github.com/MontFerret/ferret/v2@2.0.0-alpha.4
purl pkg:golang/github.com/MontFerret/ferret/v2@2.0.0-alpha.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/MontFerret/ferret/v2@2.0.0-alpha.4
aliases CVE-2026-34783, GHSA-j6v5-g24h-vg4j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8a9a-ky6k-ubgw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/MontFerret/ferret/v2@2.0.0-alpha.4