[go-tuf] Security advisory (GHSA-3633-5h82-39pq): Improper handling of different key IDs for the same public keys in attacker-controlled metadata

12 views
Skip to first unread message

Trishank Kuppusamy

unread,
Sep 8, 2022, 2:09:47 PMSep 8
to The Update Framework (TUF)
Hello,

We are writing to inform you of a high-impact but low-severity vulnerability in go-tuf clients < v0.3.2. You may find more details, such as workarounds and patches, in our security advisory.

Please reach out to us via the communication means listed in the advisory (including the public mailing list listed in this email) should you have any questions.

Thanks,
Trishank on behalf of go-tuf maintainers
Reply all
Reply to author
Forward
0 new messages