HIGH🇬🇧 English

CVE-2021-41149

CVSS 8.2v3.1pub. 2021-10-19upd. 2024-11-21

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
  • Amazon Tough

    APP
    Amazon
    < 0.12.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2026-6966HIGH7.0ten sam produkt

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough befo...

CVE-2026-6968HIGH7.1ten sam produkt

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with de...

CVE-2026-6967HIGH7.1ten sam produkt

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before toug...

CVE-2021-41150HIGH8.2ten sam produkt

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositor...

CVE-2020-15093HIGH8.6ten sam produkt

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptograp...

CVE-2021-41149 — HIGH 8.2 | CVEbaza.pl