5 matches found
CVE-2026-24686
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
Linux Distros Unpatched Vulnerability : CVE-2026-24686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem pat...
GHSA-JQC5-W2XX-5VQ4 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
Security Vulnerability: Path Traversal in TAP 4 Multirepo Client. Summary: go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. If an application accepts a map file from an untrusted sourc...
PT-2026-4844
Name of the Vulnerable Software and Affected Versions: go-tuf versions prior to 2.4.1. Description: go-tuf is a Go implementation of The Update Framework (TUF). The TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata...