2 matches found
PT-2024-34879 · Gitsign +1 · Gitsign +1
Name of the Vulnerable Software and Affected Versions: gitsign affected versions not specified Description: The issue arises when gitsign uses Rekor's search API to fetch entries for signature verification, using parameters such as the public key and the payload. However, the search API returns...
GnuTLS insufficient cert verification
libcurl when built to use GnuTLS fails to verify that a peer's certificate has not already expired or has not yet become valid. This allows malicious servers to present certificates to libcurl that were not rejected properly. Notably, the CA certificate and common name checks are still in place...