Skip to main content

The Update Framework

4 CVEs product

Monthly

CVE-2021-41131 PyPI HIGH POC PATCH This Week

python-tuf is a Python reference implementation of The Update Framework (TUF). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Path Traversal The Update Framework
NVD GitHub
CVSS 3.1
8.7
EPSS
1.4%
CVE-2020-15163 PyPI HIGH PATCH This Week

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass The Update Framework
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-6174 PyPI CRITICAL PATCH Act Now

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure The Update Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-6173 PyPI MEDIUM POC PATCH This Month

TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service The Update Framework
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

python-tuf is a Python reference implementation of The Update Framework (TUF). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Path Traversal The Update Framework
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass The Update Framework
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure The Update Framework
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service The Update Framework
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy