cosign 数据伪造问题漏洞
cosign is a container signing, verification and storage in an OCI registry in the United States. A data forgery issue vulnerability exists in versions prior to cosign 1.10.1, which stems from the fact that the cosign verify-attestation --type may report a false positive if any attestation is...