Vulnerability Report: GO-2022-0444
- CVE-2022-29173, GHSA-66x3-6cw3-v5gj
- Affects: github.com/theupdateframework/go-tuf
- Published: Jul 01, 2022
- Modified: May 20, 2024
The TUF client is vulnerable to rollback attacks, in which an attacker causes a client to install software older than the software the client previously knew to be available.
Affected Packages
-
PathGo VersionsSymbols
-
before v0.3.0
5 affected symbols
-
before v0.3.0
Aliases
References
- https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d
- https://vuln.go.dev/ID/GO-2022-0444.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.