2 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
sigstore-go Security Vulnerability
sigstore-go is a client library for Sigstore from the sigstore open-source project. A security vulnerability exists in sigstore-go versions prior to 0.6.1. It stems from the processing of maliciously constructed Sigstore Bundles containing large amounts of verifiable data, which can lead to excessive CPU...