12 matches found
CVE-2026-31830
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2026-31830
Summary: CVE-2026-31830 affects the sigstore-ruby project before version 0.2.3. The bug is in Sigstore::Verifier#verify, which fails to propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, ...
EUVD-2006-5164
Malware in sbrugna...
GO-2023-1795 malformed proposed intoto entries can cause a panic in github.com/sigstore/rekor
malformed proposed intoto entries can cause a panic in github.com/sigstore/rekor...
SUSE CVE-2023-33199
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
CVE-2023-33199 malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
CVE-2023-33199 malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
malformed proposed intoto entries can cause a panic
Impact: A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. Patches: This is fixed in v1.2.0 of...
GHSA-FRQX-JFCM-6JJR malformed proposed intoto entries can cause a panic
Impact: A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. Patches: This is fixed in v1.2.0 of...
PT-2023-24216 · Rekor +1
Name of the Vulnerable Software and Affected Versions: Rekor versions prior to 1.2.0 Description: A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered, resulting in a 500 error message to the client, with minimal...
Intoto-Golang path traversal vulnerability
Intoto-Golang is a framework for protecting the integrity of the software supply chain. A path traversal vulnerability exists in intoto-golang, where an authenticated attacker can impersonate a staff member (i.e., within a layout's set of trusted users) to create proofs that may bypass the DISALLOW...
CVE-2006-5179
Technical details beyond the summary are not provided in the connected documents. Public details for CVE-2006-5179 (affected products, versions, root cause, or fixes) are not available here. Monitor for updates from official advisories.