Lucene search
K

5 matches found

OSV
OSV
added 2025/03/28 2:48 p.m.15 views

GHSA-Q6R9-R9PW-4CF7 tough failure to detect delegated target rollback

Summary When updating the snapshot role, TUF clients should ensure that any previously encountered targets or delegated targets metadata files continue to be present in new snapshot metadata files. Likewise, the new targets and delegated targets metadata versions must be greater than or equal to...

5.7CVSS6.1AI score0.00307EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/03/28 2:48 p.m.11 views

tough failure to detect delegated target rollback

Summary When updating the snapshot role, TUF clients should ensure that any previously encountered targets or delegated targets metadata files continue to be present in new snapshot metadata files. Likewise, the new targets and delegated targets metadata versions must be greater than or equal to...

5.7CVSS6.1AI score0.00307EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/03/27 11:15 p.m.5 views

CVE-2025-2887

During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched ...

4.5CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2021/10/19 8:14 p.m.17 views

GHSA-WJW6-2CQR-J4QR Client metadata path-traversal

Impact In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs because the rolename is used to form the filename, and may contain pat...

7.5CVSS7.4AI score0.01404EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/10/19 6:15 p.m.5 views

CVE-2021-41131

python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...

8.8CVSS7.4AI score0.01404EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder