VYPR

crates.io package

tuftool

pkg:cargo/tuftool

Vulnerabilities (2)

  • CVE-2026-6967MedApr 24, 2026
    affected < 0.15.0fixed 0.15.0

    Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the lo

  • CVE-2026-6966MedApr 24, 2026
    affected < 0.15.0fixed 0.15.0

    Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged