{"vulnerability": "CVE-2021-41149", "sightings": [{"uuid": "e572fc4d-ea3c-4bdd-b8c1-fcfc9f2b0bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41149", "type": "seen", "source": "https://t.me/cibsecurity/30832", "content": "\u203c CVE-2021-41149 \u203c\n\nTough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-19T22:39:23.000000Z"}]}