Vulnerability	Vulnerable Version
M Directory Traversal tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Directory Traversal during a call to `get_one_valid_targetinfo()`, which may lead to an overwrite of files ending in `.json`. Note: This only affects implementations that allow arbitrary rolename selection for delegated targets metadata. How to fix Directory Traversal? Upgrade `tuf` to version 0.19.0 or higher.	[,0.19.0)
L Improper Verification of Cryptographic Signature tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature. The metadadata signature verification as provided by `tuf.sig.verify()` and used components such as `tuf.client.updater` counted multiple signatures with identical authorized keyids each separately towards the threshold. How to fix Improper Verification of Cryptographic Signature? Upgrade `tuf` to version 0.12.2 or higher.	[,0.12.2)
M Denial of Service (DoS) tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Denial of Service (DoS). While maximum file size is restricted for downloading, the client may attempt to validate a large number of signatures. The file size limit of `target.json` is large and may allow up to 5000 signatures, further increasing the amount of time spent in validation. How to fix Denial of Service (DoS)? Upgrade `tuf` to version 0.12.2 or higher.	[0.7.2,0.12.2)

Go back to all versions of this package