3 matches found
CVE-2021-41087
creationtimestamp| type| source ---|---|--- 2021-09-22 00:28:13+00:00| seen| https://t.me/cibsecurity/29205...
CVE-2021-41087
CVE-2021-41087 affects the Go implementation of the in-toto framework (in-toto-golang). Affected versions allow an attacker, who is part of the trusted functionaries set, to issue attestations containing disallowed artifacts by using path traversal (e.g., foo vs dir/../foo), potentially bypassing...
CVE-2021-41087 Improperly Implemented path matching for in-toto-golang
in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries i.e., within a trusted set of users for a layout are able to create attestations that may bypass DISALLOW rules in the sa...