High severity · OSV Advisory · Published Oct 1, 2024 · Updated Apr 15, 2026

CVE-2024-47534

Description

go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly trace the delegations "B"->"C"->"A". This vulnerability is fixed in 2.0.1.
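The ordering described above, as an added illustration that is not go-tuf's code: a stack-based walk over the advisory's example graph, showing how the push order of sibling delegations decides whether the result is A, B, C or B, C, A. The target name `app.bin`, the `listsTarget` sample, the helper names, and the rule that the first visited role listing a target is the one used are assumptions made for the example.

```go
package main

import "fmt"

// Constructed delegation graph from the advisory's example: targets delegates
// to A, then B; B delegates to C. Slice order is the listed priority order.
var delegations = map[string][]string{
	"targets": {"A", "B"},
	"B":       {"C"},
}

// Constructed sample: roles whose metadata lists the hypothetical "app.bin".
var listsTarget = map[string]bool{"A": true, "C": true}

// walk visits roles with an explicit stack. reverse=true pushes children
// last-to-first so the first-listed child pops first; false inverts siblings.
func walk(root string, reverse bool) []string {
	var order []string
	stack := []string{root}
	for len(stack) > 0 {
		role := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		order = append(order, role)
		kids := delegations[role]
		for i := range kids {
			if reverse {
				stack = append(stack, kids[len(kids)-1-i])
			} else {
				stack = append(stack, kids[i])
			}
		}
	}
	return order
}

// firstMatch returns the first visited role that lists the target.
func firstMatch(order []string) string {
	for _, r := range order {
		if listsTarget[r] {
			return r
		}
	}
	return ""
}

func main() {
	fmt.Println(walk("targets", true), firstMatch(walk("targets", true)))
	fmt.Println(walk("targets", false), firstMatch(walk("targets", false)))
}
```

With the constructed sample, the expected order resolves the target through "A", while the inverted order resolves it through "C", a role that should only be consulted after "A".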

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
| --- | --- | --- | --- |
| github.com/theupdateframework/go-tuf/v2 | Go | < 2.0.1 | 2.0.1 |
