2 matches found
CVE-2026-48816
creationtimestamp| type| source ---|---|--- 2026-07-01 20:35:05+00:00| published-proof-of-concept| https://github.com/sigstore/sigstore-js/security/advisories/GHSA-xgjw-pm74-86q4...
GHSA-XGJW-PM74-86Q4 sigstore-js has Insufficient Verification of Data Authenticity
sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...