tuf@0.10.0 vulnerabilities
A secure updater framework for Python
-
latest version
5.0.0
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
3 days ago
-
licenses detected
- [0.10.0,0.10.1)
Direct Vulnerabilities
Known vulnerabilities in the tuf package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Directory Traversal during a call to How to fix Directory Traversal? Upgrade |
[,0.19.0)
|
tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Improper Authorization. It will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates. How to fix Improper Authorization? Upgrade |
[,0.12)
|
tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature. The metadadata signature verification as provided by How to fix Improper Verification of Cryptographic Signature? Upgrade |
[,0.12.2)
|
tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Denial of Service (DoS). While maximum file size is restricted for downloading, the client may attempt to validate a large number of signatures. The file size limit of How to fix Denial of Service (DoS)? Upgrade |
[0.7.2,0.12.2)
|