The Python TUF (The Update Framework) reference implementation before version 0.12 incorrectly trusts a previously downloaded root metadata file that failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-th...
CVSS: 8.7
AI Score: 7.9
EPSS: 0.001
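The failure mode in this entry is an ordering bug: a downloaded root file reaches the trusted on-disk store before it has been verified, so a later run of the client loads it as if it had passed. The following Python is an added illustration of that pattern and of the corrected ordering; it is not python-tuf's code. Assumptions: a shared HMAC secret stands in for the root signing key (a real TUF client checks asymmetric signatures against a key threshold), the metadata layout is a single root.json, and the attacker-served root is a constructed sample.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Assumption for this example: an HMAC secret replaces the asymmetric root
# keys a real TUF client would trust. The attacker does not have it.
TRUSTED_ROOT_SECRET = b"root-key-v1"


def sign(secret: bytes, signed: dict) -> str:
    body = json.dumps(signed, sort_keys=True).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def make_root(version: int, secret: bytes) -> dict:
    signed = {"_type": "root", "version": version}
    return {"signed": signed, "signature": sign(secret, signed)}


def verify(secret: bytes, root: dict) -> bool:
    return hmac.compare_digest(sign(secret, root["signed"]), root["signature"])


class VulnerableClient:
    """Persists the downloaded root before verifying it. A later run loads
    whatever is on disk as the trusted root, including a rejected file."""

    def __init__(self, metadata_dir: str, secret: bytes):
        self.secret = secret
        self.root_path = os.path.join(metadata_dir, "root.json")

    def update_root(self, downloaded: dict) -> bool:
        # BUG: the file is written first; the verification result comes back
        # only after the unverified root is already in the trusted store.
        with open(self.root_path, "w") as f:
            json.dump(downloaded, f)
        return verify(self.secret, downloaded)

    def load_trusted_root(self) -> dict:
        with open(self.root_path) as f:
            return json.load(f)


class FixedClient(VulnerableClient):
    def update_root(self, downloaded: dict) -> bool:
        if not verify(self.secret, downloaded):
            return False
        # Only a verified root is persisted; write to a temp file and rename so
        # a crash mid-write cannot leave a half-written root behind either.
        tmp = self.root_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(downloaded, f)
        os.replace(tmp, self.root_path)
        return True


def simulate(client_cls) -> int:
    """Bootstraps a genuine version-1 root, then feeds the client a version-2
    root signed with a key it does not trust. Returns the root version the
    client trusts afterwards (constructed scenario)."""
    with tempfile.TemporaryDirectory() as d:
        client = client_cls(d, TRUSTED_ROOT_SECRET)
        if not client.update_root(make_root(1, TRUSTED_ROOT_SECRET)):
            raise RuntimeError("genuine root must verify")
        attacker_root = make_root(2, b"attacker-key")
        accepted = client.update_root(attacker_root)  # fails verification
        if accepted:
            raise RuntimeError("attacker root must not verify")
        return client.load_trusted_root()["signed"]["version"]


if __name__ == "__main__":
    print("vulnerable client trusts root version", simulate(VulnerableClient))
    print("fixed client trusts root version", simulate(FixedClient))
```

The vulnerable client ends up trusting version 2 even though `update_root` reported failure, which is exactly the "previously downloaded root metadata file which failed verification" condition described above; the fixed client still trusts version 1. The same verify-then-persist rule applies to every metadata role, not only root.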
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.
CVSS: 5.3
AI Score: 5.2
EPSS: 0.001
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.
CVSS: 9.8
AI Score: 9
EPSS: 0.002
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It ...
CVSS: 8.7
AI Score: 8.5
EPSS: 0.001
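The path traversal described in this entry is the classic shape: a name taken from remotely supplied (if signed) metadata is turned into a local filename by string concatenation, so a name containing `../` components writes outside the client's metadata directory. The following Python is an added illustration of the vulnerable pattern next to one hardened form; it is not python-tuf's code and does not reproduce the project's fix. Assumptions: the local file for a role is `<rolename>.json` under a metadata directory, the hostile rolename is a constructed sample, and the hardening shown (percent-encoding the name into a single path component and then checking the resolved path stays under the directory) is a generic approach chosen for this example.

```python
import os
import tempfile
from urllib.parse import quote


def unsafe_metadata_path(metadata_dir: str, rolename: str) -> str:
    # Vulnerable pattern: an attacker-influenced rolename is joined straight
    # onto the local directory, so "../" components walk out of it.
    return os.path.join(metadata_dir, f"{rolename}.json")


def safe_metadata_path(metadata_dir: str, rolename: str) -> str:
    # Hardened form (assumption for this example): encode everything that is
    # not safe inside a single path component (quote with safe="" turns "/"
    # into "%2F"), then prove the resolved path is still directly inside
    # metadata_dir before handing it to any file write.
    filename = quote(rolename, safe="") + ".json"
    base = os.path.realpath(metadata_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.dirname(candidate) != base:
        raise ValueError(f"rolename {rolename!r} escapes {metadata_dir}")
    return candidate


def escapes(metadata_dir: str, path: str) -> bool:
    """True when path, once resolved, is not under metadata_dir."""
    base = os.path.realpath(metadata_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def demo() -> tuple:
    """Returns (unsafe_escapes, safe_escapes, safe_basename) for a
    constructed hostile rolename."""
    with tempfile.TemporaryDirectory() as d:
        meta = os.path.join(d, "metadata")
        os.mkdir(meta)
        # Constructed hostile delegated-role name, the kind of value that
        # reaches the client's filename logic from targets metadata.
        hostile = "../../victim"
        unsafe = unsafe_metadata_path(meta, hostile)
        safe = safe_metadata_path(meta, hostile)
        return escapes(meta, unsafe), escapes(meta, safe), os.path.basename(safe)


if __name__ == "__main__":
    unsafe_escapes, safe_escapes, name = demo()
    print("unsafe join escapes metadata dir:", unsafe_escapes)
    print("hardened path escapes metadata dir:", safe_escapes)
    print("hardened filename:", name)
```

With the unsafe join, the hostile name resolves to `victim.json` two directories above the metadata directory, which is the "overwrite files ending in .json anywhere on the client system" outcome in the description. The containment check is kept even after encoding so that a future change to the encoding cannot silently reopen the hole.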