Pypi · Tuftool · CVE-2026-6966
**Name of the Vulnerable Software and Affected Versions**
awslabs/tough versions prior to 0.22.0
**Description**
Improper verification of cryptographic signature uniqueness in delegated role validation allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature. This can cause the client to accept forged delegated role metadata.
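As an added illustration (not tough's own code), the following Rust model shows the defect class the description names: a signature tally that counts every valid signature entry toward the threshold, beside a tally that counts distinct authorized keys. The `Role` and `Signature` types, the key names and the string-match stand-in for cryptographic verification are assumptions of this model.

```rust
use std::collections::{HashMap, HashSet};

/// Registered signing keys (assumption: keyid -> expected signature value).
pub type Keys = HashMap<String, String>;

/// Constructed model of a delegated role: allowed key IDs and TUF threshold.
pub struct Role { pub keyids: Vec<String>, pub threshold: usize }

/// One entry of the "signatures" array in signed metadata.
pub struct Signature { pub keyid: String, pub sig: String }

/// Stand-in for cryptographic verification: in this model a signature is
/// valid when it matches the value recorded for its key (assumption).
pub fn verify(keys: &Keys, s: &Signature) -> bool {
    keys.get(&s.keyid).map_or(false, |expected| *expected == s.sig)
}

/// Vulnerable pattern: every valid signature entry is counted, so one
/// signature listed twice counts twice and a single key satisfies a 2-of-2 role.
pub fn threshold_met_vulnerable(role: &Role, keys: &Keys, sigs: &[Signature]) -> bool {
    let valid = sigs
        .iter()
        .filter(|s| role.keyids.contains(&s.keyid) && verify(keys, s))
        .count();
    valid >= role.threshold
}

/// Hardened pattern: count distinct authorized keys that produced a valid
/// signature, so duplicates of one signature never add to the tally.
pub fn threshold_met_fixed(role: &Role, keys: &Keys, sigs: &[Signature]) -> bool {
    let mut signers: HashSet<&str> = HashSet::new();
    for s in sigs {
        if role.keyids.contains(&s.keyid) && verify(keys, s) {
            signers.insert(s.keyid.as_str());
        }
    }
    signers.len() >= role.threshold
}

/// Constructed sample: a 2-of-2 role with keys "a" and "b", and metadata
/// carrying only key "a"'s signature, listed twice.
pub fn sample_duplicate() -> (Role, Keys, Vec<Signature>) {
    let role = Role { keyids: vec!["a".to_string(), "b".to_string()], threshold: 2 };
    let keys = Keys::from([("a".to_string(), "sig-a".to_string()), ("b".to_string(), "sig-b".to_string())]);
    let sig_a = || Signature { keyid: "a".to_string(), sig: "sig-a".to_string() };
    (role, keys, vec![sig_a(), sig_a()])
}
```

Running the sample through both functions shows the vulnerable tally accepting the duplicated single signature while the distinct-key tally rejects it.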
**Recommendations**
Upgrade to tough-v0.22.0 / tuftool-v0.15.0.