VYPR

PyPI package

tuf

pkg:pypi/tuf

Vulnerabilities (4)

  • CVE-2021-41131, Oct 19, 2021
    affected < 0.19.0; fixed 0.19.0

    python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_o

  • CVE-2020-15163, Sep 9, 2020
    affected < 0.12.0; fixed 0.12.0

    Before version 0.12, the Python TUF (The Update Framework) reference implementation will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e

  • CVE-2020-6174, Feb 5, 2020
    affected < 0.12.2; fixed 0.12.2

    TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

  • CVE-2020-6173, Jan 14, 2020
    affected >= 0.7.2, < 0.12.2; fixed 0.12.2

    TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.