[go-tuf] Security advisory (GHSA-3633-5h82-39pq): Improper handling of different key IDs for the same public keys in attacker-controlled metadata

[Trishank Kuppusamy]

Hello,

We are writing to inform you of a high-impact but low-severity vulnerability in go-tuf clients < v0.3.2. You may find more details, such as workarounds and patches, in our security advisory.

Please reach out to us via the communication means listed in the advisory (including the public mailing list listed in this email) should you have any questions.

Thanks,

Trishank on behalf of go-tuf maintainers