8 matches found
EUVD-2024-2931
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-47534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-tuf is a Go implementation of The Update Framework TUF. The go-tuf client inconsistently traces the delegations. For example, if targets delegate to A, and t...
Incorrect delegation lookups can make go-tuf download the wrong artifact
During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...
GHSA-4F8R-QQR9-FQ8J Incorrect delegation lookups can make go-tuf download the wrong artifact
During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...
CVE-2024-47534
go-tuf is a Go implementation of The Update Framework TUF. The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly...
UBUNTU-CVE-2024-47534
go-tuf is a Go implementation of The Update Framework TUF. The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly...
CVE-2024-47534
go-tuf is a Go implementation of The Update Framework TUF. The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly...
PT-2024-32647 · Go-Tuf +1 · Go-Tuf +1
Name of the Vulnerable Software and Affected Versions: go-tuf versions prior to 2.0.1 Description: The go-tuf client inconsistently traces the delegations, which can result in downloading the wrong artifact. For example, if targets delegate to "A" and "B", and "B" delegates to "C", the client...