Improper Verification of Cryptographic Signature
Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...