Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2021-41150

Published: 19/10/2021 Updated: 26/10/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Tough

Vulnerability Summary

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, before 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

amazon tough

References

CWE-22https://github.com/awslabs/tough/security/advisories/GHSA-r56q-vv3c-6g9chttps://github.com/awslabs/tough/commit/1809b9bd1106d78a51fbea3071aa97a3530bac9ahttps://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qrhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook