Affected by GO-2024-3166
and 3 other vulnerabilities
GO-2024-3166: Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf
GO-2026-4348: Client DoS via malformed server response in github.com/theupdateframework/go-tuf
GO-2026-4349: Improper validattion of configured threshold for delegations in github.com/theupdateframework/go-tuf
GO-2026-4377: Path traversal in TAP 4 multirepo client allows arbitrary file write via repo names in github.com/theupdateframework/go-tuf
This package is not in the latest version of its module.
README
¶
The following CLIs are experimental replacements of the CLI tools provided by the go-tuf package:
tuf-client - a CLI tool that implements the client workflow specified by The Update Framework (TUF) specification
tuf - Not implemented
Directories