logo

Database

Lack of data validation - Path Traversal In tough

Description

Improper sanitization of delegated role names

Impact

The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system.

AWS would like to thank https://github.com/jku for reporting this issue.

Patches

A fix is available in version 0.12.0.

Workarounds

No workarounds to this issue are known.

References

https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-411502. NVD-2021-411503. OSV-2021-411504. GHSA-r56q-vv3c-6g9c5. GHSA-wjw6-2cqr-j4qr6. GCVE-2021-41150

References

1. https://github.com/awslabs/tough/security/advisories/GHSA-r56q-vv3c-6g9c2. https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr3. https://github.com/awslabs/tough/commit/1809b9bd1106d78a51fbea3071aa97a3530bac9a

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.