Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing auth

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows rem

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 all

During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting t

During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a ta

Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searc

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client i

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough libra

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough libra

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It a