Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/tuf@0.11.2.dev1

Type pypi

Namespace

Name tuf

Version 0.11.2.dev1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.19.0

Latest_non_vulnerable_version 7.0.0

Affected_by_vulnerabilities

url VCID-2wh6-cf6k-nbc8

vulnerability_id VCID-2wh6-cf6k-nbc8

summary Client Denial of Service on TUF

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-6173

reference_id

reference_type

scores

value	0.0018
scoring_system	epss
scoring_elements	0.39646
published_at	2026-06-12T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39476
published_at	2026-06-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39671
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-6173

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-146.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-146.yaml

reference_url

https://github.com/theupdateframework/tuf

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf

reference_url

https://github.com/theupdateframework/tuf/commits/develop

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/commits/develop

reference_url

https://github.com/theupdateframework/tuf/issues/973

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/issues/973

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-6173

reference_id

CVE-2020-6173

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-6173

reference_url

https://github.com/advisories/GHSA-2828-9vh6-9m6j

reference_id

GHSA-2828-9vh6-9m6j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2828-9vh6-9m6j

reference_url

https://github.com/theupdateframework/tuf/security/advisories/GHSA-2828-9vh6-9m6j

reference_id

GHSA-2828-9vh6-9m6j

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/security/advisories/GHSA-2828-9vh6-9m6j

fixed_packages

url pkg:pypi/tuf@0.12.2

purl pkg:pypi/tuf@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cz2c-sxbm-wbcn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.2

aliases CVE-2020-6173, GHSA-2828-9vh6-9m6j, PYSEC-2020-146

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wh6-cf6k-nbc8

url VCID-7t4g-5pyy-ykes

vulnerability_id VCID-7t4g-5pyy-ykes

summary Invalid root may become trusted root in The Update Framework (TUF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15163

reference_id

reference_type

scores

value	0.00144
scoring_system	epss
scoring_elements	0.34468
published_at	2026-06-11T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34668
published_at	2026-06-13T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34645
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15163

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-145.yaml

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-145.yaml

reference_url

https://github.com/theupdateframework/tuf

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf

reference_url

https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7

reference_url

https://github.com/theupdateframework/tuf/pull/885

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/pull/885

reference_url

https://github.com/theupdateframework/tuf/releases/tag/v0.12.0

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/releases/tag/v0.12.0

reference_url

https://pypi.org/project/tuf

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/tuf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15163

reference_id

CVE-2020-15163

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15163

reference_url

https://github.com/advisories/GHSA-f8mr-jv2c-v8mg

reference_id

GHSA-f8mr-jv2c-v8mg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f8mr-jv2c-v8mg

reference_url

https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg

reference_id

GHSA-f8mr-jv2c-v8mg

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg

fixed_packages

url pkg:pypi/tuf@0.12.0

purl pkg:pypi/tuf@0.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wh6-cf6k-nbc8

vulnerability	VCID-cz2c-sxbm-wbcn

vulnerability	VCID-ttah-7gdd-1bex

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.0

aliases CVE-2020-15163, GHSA-f8mr-jv2c-v8mg, PYSEC-2020-145

risk_score 3.9

exploitability 0.5

weighted_severity 7.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7t4g-5pyy-ykes

url VCID-cz2c-sxbm-wbcn

vulnerability_id VCID-cz2c-sxbm-wbcn

summary python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41131

reference_id

reference_type

scores

value	0.00644
scoring_system	epss
scoring_elements	0.71141
published_at	2026-06-11T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.71231
published_at	2026-06-12T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.71244
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41131

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2021-376.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2021-376.yaml

reference_url

https://github.com/theupdateframework/python-tuf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/python-tuf

reference_url

https://github.com/theupdateframework/python-tuf/commit/4ad7ae48fda594b640139c3b7eae21ed5155a102

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/python-tuf/commit/4ad7ae48fda594b640139c3b7eae21ed5155a102

reference_url

https://github.com/theupdateframework/python-tuf/issues/1527

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/python-tuf/issues/1527

reference_url

https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41131

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41131

reference_url

https://github.com/advisories/GHSA-wjw6-2cqr-j4qr

reference_id

GHSA-wjw6-2cqr-j4qr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wjw6-2cqr-j4qr

fixed_packages

url	pkg:pypi/tuf@0.19.0
purl	pkg:pypi/tuf@0.19.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.19.0

aliases CVE-2021-41131, GHSA-wjw6-2cqr-j4qr, PYSEC-2021-376

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cz2c-sxbm-wbcn

url VCID-ttah-7gdd-1bex

vulnerability_id VCID-ttah-7gdd-1bex

summary Incorrect threshold signature computation in TUF

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-6174

reference_id

reference_type

scores

value	0.00195
scoring_system	epss
scoring_elements	0.41562
published_at	2026-06-12T12:55:00Z

value	0.00195
scoring_system	epss
scoring_elements	0.41396
published_at	2026-06-11T12:55:00Z

value	0.00195
scoring_system	epss
scoring_elements	0.4158
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-6174

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-147.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-147.yaml

reference_url

https://github.com/theupdateframework/python-tuf/commit/2977188139d065ff3356c3cb4aec60c582b57e0e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/python-tuf/commit/2977188139d065ff3356c3cb4aec60c582b57e0e

reference_url

https://github.com/theupdateframework/tuf

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf

reference_url

https://github.com/theupdateframework/tuf/pull/974

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/pull/974

reference_url

https://github.com/theupdateframework/tuf/releases/tag/v0.12.2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/releases/tag/v0.12.2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-6174

reference_id

CVE-2020-6174

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-6174

reference_url

https://github.com/advisories/GHSA-pwqf-9h7j-7mv8

reference_id

GHSA-pwqf-9h7j-7mv8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pwqf-9h7j-7mv8

reference_url

https://github.com/theupdateframework/tuf/security/advisories/GHSA-pwqf-9h7j-7mv8

reference_id

GHSA-pwqf-9h7j-7mv8

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/theupdateframework/tuf/security/advisories/GHSA-pwqf-9h7j-7mv8

fixed_packages

url pkg:pypi/tuf@0.12.2

purl pkg:pypi/tuf@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cz2c-sxbm-wbcn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.2

aliases CVE-2020-6174, GHSA-pwqf-9h7j-7mv8, PYSEC-2020-147

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttah-7gdd-1bex

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.2.dev1

Package Instance