Amazon tough 数据伪造问题漏洞

Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from improper validation of the encryption signature uniqueness during delegated role verification. A...

Amazon tough 路径遍历漏洞

Amazon Tough is a Rust client library from Amazon, a subsidiary of The Update Framework TUF. Versions prior to tough-v0.22.0 contained a path traversal vulnerability. This vulnerability stemmed from incomplete path traversal fixes, which could allow remote authenticated users to write to files...

Amazon tough 安全漏洞

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from a lack of validation of terminating delegates, which could result in a client fetching a target from the wro...

Amazon tough 安全漏洞

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from the client incorrectly caching timestamped metadata during a snapshot rollback, which could lead to validati...

Amazon tough 安全漏洞

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from the client failing to detect a rollback of a delegated target during a target rollback, which could cause th...

Amazon tough 安全漏洞

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from a lack of validation of the version number of the root metadata, which could result in a client obtaining th...