Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Invalid root may become trusted root in The Update Framework (TUF)
Vulnerability Description
Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates. This is fixed in version 0.12 and newer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Python 数据伪造问题漏洞
Vulnerability Description
Python是Python软件基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python TUF 0.12 中存在安全漏洞。该漏洞源于下载未验证,攻击者可利用该漏洞进行中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A