2 matches found
CVE-2026-48815
Summary of CVE-2026-48815 : In sigstore-js, the documented certificateOIDs option in sigstore.verify() is accepted by the public API before verification but discarded during verification, causing certificate extension OIDs to not be checked. This allows applications to accept unauthorized certifi...
NPM: sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced
NPM: sigstore's certificateOIDs verification constraints are silently dropped and never enforced vulnerability discovered by ? in WordPress Npm sigstore versions = 4.1.0...