Lucene search
GoogleOSV:CVE-2021-41150HistoryOct 19, 2021 - 8:15 p.m.
CVE-2021-41150
2021-10-1920:15:08
Google
osv.dev
4
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.
Related
osv
osv
PYSEC-2021-376
2021-10-19 18:15:00
Client metadata path-traversal
2021-10-19 20:14:36
CVE-2021-41131
2021-10-19 18:15:07
cvelist
cvelist
CVE-2021-41150 Improper sanitization of delegated role names in tough
2021-10-19 19:55:09
CVE-2021-41131 Client metadata path-traversal in python-tuf
2021-10-19 17:50:11
cve
cve
CVE-2021-41150
2021-10-19 20:15:08
CVE-2021-41131
2021-10-19 18:15:07
nvd
nvd
CVE-2021-41150
2021-10-19 20:15:08
CVE-2021-41131
2021-10-19 18:15:07
github
github
Improper sanitization of delegated role names
2021-10-19 20:16:26
Client metadata path-traversal
2021-10-19 20:14:36
freebsd
freebsd
The Update Framwork -- path traversal vulnerability
2021-10-22 00:00:00
prion
prion
Code injection
2021-10-19 20:15:00
Path traversal
2021-10-19 18:15:00
nessus
nessus