PYSEC-2020-147

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tuf/PYSEC-2020-147.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-147
Aliases
Published
2020-02-05T16:15:00Z
Modified
2023-11-08T04:03:56.873535Z
Summary
[none]
Details

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

References

Affected packages

PyPI / tuf

Package

Name
tuf
View open source insights on deps.dev
Purl
pkg:pypi/tuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.12.2

Affected versions

0.*
0.7.5
0.9.8
0.9.9
0.10.0
0.10.1
0.10.2
0.11.dev0
0.11.0
0.11.1
0.11.2.dev1
0.11.2.dev2
0.11.2.dev3
0.12.dev0
0.12.dev1
0.12.dev2
0.12.0
0.12.1

Database specific

source 
"https://github.com/pypa/advisory-database/blob/main/vulns/tuf/PYSEC-2020-147.yaml"