2 matches found
CVE-2026-23831
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...
GHSA-273P-M2CW-6833 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message
Summary Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...