Vulnerabilities > CVE-2021-41149 - Unspecified vulnerability in Amazon Tough

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

amazon

NVD

Published: 2021-10-19

Updated: 2024-11-21

Summary

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.

Vulnerable Configurations

Part	Description	Count
Application	Amazon Amazon Tough - Amazon Tough 0.1.0 Amazon Tough 0.2.0 Amazon Tough 0.3.0 Amazon Tough 0.4.0 Amazon Tough 0.5.0 Amazon Tough 0.6.0 Amazon Tough 0.7.0 Amazon Tough 0.7.1 Amazon Tough 0.8.0 Amazon Tough 0.9.0 Amazon Tough 0.10.0 Amazon Tough 0.11.0 Amazon Tough 0.11.1 Amazon Tough 0.11.2 Amazon Tough 0.11.3	16

Summary

Vulnerable Configurations

References