{"id":"PYSEC-2020-147","details":"TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.","aliases":["CVE-2020-6174","GHSA-pwqf-9h7j-7mv8"],"modified":"2023-11-08T04:03:56.873535Z","published":"2020-02-05T16:15:00Z","references":[{"type":"WEB","url":"https://github.com/theupdateframework/tuf/pull/974"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-pwqf-9h7j-7mv8"}],"affected":[{"package":{"name":"tuf","ecosystem":"PyPI","purl":"pkg:pypi/tuf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12.2"}]}],"versions":["0.7.5","0.9.8","0.9.9","0.10.0","0.10.1","0.10.2","0.11.dev0","0.11.0","0.11.1","0.11.2.dev1","0.11.2.dev2","0.11.2.dev3","0.12.dev0","0.12.dev1","0.12.dev2","0.12.0","0.12.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tuf/PYSEC-2020-147.yaml"}}],"schema_version":"1.7.3"}