CVE-2020-6174: Improper Verification of Cryptographic Signature

August 21, 2020 (updated September 23, 2021)

TUF (aka The Update Framework) has Improper Verification of a Cryptographic Signature.

References

github.com/advisories/GHSA-pwqf-9h7j-7mv8
github.com/theupdateframework/tuf/pull/974
github.com/theupdateframework/tuf/pull/974/commits/a0397c7c820ec1c30ebc793cc9469b61c8d3f50e
github.com/theupdateframework/tuf/security/advisories/GHSA-pwqf-9h7j-7mv8
nvd.nist.gov/vuln/detail/CVE-2020-6174

Detect and mitigate CVE-2020-6174 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →