Improper Certificate Validation
github.com/in-toto/go-witness is vulnerable to Improper Certificate Validation. The vulnerability is due to the AWS attestor accepting EC2 instance identity documents without properly validating signatures and relying on outdated public certificates, which allows an attacker to supply or intercep...