go-tuf improperly validates the configured threshold for delegations
A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification.
Advisories for Golang/Github.com/Theupdateframework/Go-Tuf package
2026
go-tuf improperly validates the configured threshold for delegations
A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification.
go-tuf affected by client DoS via malformed server response
If the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a DoS. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key.
go-tuf affected by client DoS via malformed server response
If the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a DoS. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key.
2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the test in this PR: https://github.com/theupdateframework/tuf-conformance/pull/115. The test - test_graph_traversal - sets up a repository with a series of …
2022
Improper Neutralization
Improper Neutralization in github.com/theupdateframework/go-tuf.
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
While the impact is potentially high, the severity is low as it requires either attackers or the repository (deliberately or mistakenly respectively) to have produced such an incorrect distribution of public keys, causing clients < 0.3.2 to fall prey to this issue.
Improper Validation of Integrity Check Value
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In …