An attacker with the ability to insert public keys into a TUF repository can cause clients to accept a staged change that has not been signed by the correct threshold of signatures.
{ "url": "https://pkg.go.dev/vuln/GO-2022-1004", "review_status": "REVIEWED" }