5 matches found
aiogithubapi (=23.11.0), pypi-attestation-models (>=0.0.1 <=0.0.5) +2 more potentially affected by CVE-2024-55655 via sigstore (>=2.0.0rc3 <=3.5.6)
sigstore PYPI version =2.0.0rc3, =0.0.1, =0.0.6, =0.1.0, =0.14.0 Source cves: CVE-2024-55655 Source advisory: OSV:GHSA-HHFG-FWRW-87W7...
CVE-2024-55655
creationtimestamp| type| source ---|---|--- 2024-12-10 23:12:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113631058808905104 2024-12-11 01:01:35+00:00| seen| https://t.me/cvedetector/12613 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18...
CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...
CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...
CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...