Workflow

PyPi: In-Toto

PVE-2023-58653

Safety vulnerability ID: 58653

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 11, 2023 Updated at May 14, 2024

Advisory

In-toto 2.0.0 fixes a security issue: PGP trust model not (fully) considered. https://gi…

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

in-toto

Latest version: 3.0.0

A framework to define and secure the integrity of software supply chains

Affected versions

Fixed versions

Vulnerability changelog

This release includes breaking changes such as the removal of the user_settings module an…

[This text has been limited. Please create a free account to view the full text.]

Resources