cosign 数据伪造问题漏洞

cosign is a container signing, verification and storage in an OCI registry in the United States. A data forgery issue vulnerability exists in cosign versions prior to 1.12.0 that stems from Bundle mismatches leading to invalid validation, not checking certificate identity in some cases, invalid...