26 matches found
EUVD-2020-0224
Malware in sbrugna...
EUVD-2021-0454
Malware in sbrugna...
CVE-2021-41131
python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...
CVE-2020-15163
Python TUF The Update Framework reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a...
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
The security of both a TUF client and repository implementations depend on the concept of trusted Metadata objects verifying the signatures over other Metadata that it delegates to. This verification process uses Targets.getdelegatedroledelegatedrole: str to find the delegation information...
GHSA-R7VQ-6425-J94W Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...
FreeBSD : The Update Framwork -- path traversal vulnerability (85d976be-93e3-11ec-aaad-14dae9d5a9d2)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 85d976be-93e3-11ec-aaad-14dae9d5a9d2 advisory. - python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/clie...
The Update Framwork -- path traversal vulnerability
NVD reports: python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinf...
Client metadata path-traversal
Impact In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs because the rolename is used to form the filename, and may contain pat...
GHSA-WJW6-2CQR-J4QR Client metadata path-traversal
Impact In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs because the rolename is used to form the filename, and may contain pat...
PYSEC-2021-376
python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...
PYSEC-2021-376
python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...
CVE-2021-41131
CVE-2021-41131 affects the Python reference implementation of The Update Framework (python-tuf), specifically the clients in the tuf/client and tuf/ngclient components. A path-traversal flaw allows an attacker to craft a rolename that, on calling get_one_valid_targetinfo(), can cause the overwrit...
CVE-2021-41131
python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...
CVE-2021-41131 Client metadata path-traversal in python-tuf
python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...
CVE-2021-41131
creationtimestamp| type| source ---|---|--- 2021-10-19 13:21:51+00:00| published-proof-of-concept| https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr...
python-tuf 路径遍历漏洞
python-tuf is an open source framework for protecting software update systems and is the Python reference implementation of The Update Framework TUF. A path traversal vulnerability exists in python-tuf versions prior to 0.19, which stems from a failure of a networked system or product to properly...
CVE-2020-15163
Python TUF The Update Framework reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a...
CVE-2020-15163
Python TUF The Update Framework reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a...