Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2024/12/11 6:42 p.m.14 views

aiogithubapi (=23.11.0), pypi-attestation-models (>=0.0.1 <=0.0.5) +2 more potentially affected by CVE-2024-55655 via sigstore (>=2.0.0rc3 <=3.5.6)

sigstore PYPI version =2.0.0rc3, =0.0.1, =0.0.6, =0.1.0, =0.14.0 Source cves: CVE-2024-55655 Source advisory: OSV:GHSA-HHFG-FWRW-87W7...

6.9CVSS5.7AI score0.0024EPSS
Exploits0
Circl
Circl
added 2024/12/10 11:12 p.m.7 views

CVE-2024-55655

creationtimestamp| type| source ---|---|--- 2024-12-10 23:12:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113631058808905104 2024-12-11 01:01:35+00:00| seen| https://t.me/cvedetector/12613 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18...

6.9CVSS4.8AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/10 11:6 p.m.11 views

CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...

6.9CVSS6.5AI score0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/10 11:6 p.m.14 views

CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...

6.9CVSS0.0024EPSS
Exploits0References3
OSV
OSV
added 2024/12/10 11:6 p.m.8 views

CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...

6.9CVSS6.6AI score0.0024EPSS
Exploits0References5
Rows per page
Query Builder