{"vulnerability": "CVE-2021-41150", "sightings": [{"uuid": "937b8b77-aa47-4868-bc57-0bb019747012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41150", "type": "seen", "source": "https://t.me/cibsecurity/30845", "content": "\u203c CVE-2021-41150 \u203c\n\nTough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-20T00:33:25.000000Z"}]}