You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Improper sanitization of target names
High severity
GitHub Reviewed
Published
Oct 19, 2021
in
awslabs/tough
•
Updated Feb 1, 2023
The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system.
Impact
The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system.
AWS would like to thank https://github.com/jku for reporting this issue.
Patches
A fix is available in version 0.12.0.
Workarounds
No workarounds to this issue are known.
References