An attacker with the ability to insert public keys into a TUF repository can cause clients to accept a staged change that has not been signed by the correct threshold of signatures.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/theupdateframework/go-tuf | lt | 0.3.2 |