Incorrect Rekor Entry Selection
github.com/sigstore/gitsign is vulnerable to Incorrect Rekor entry selection. The vulnerability is due to gitsign not correctly handling situations where multiple Rekor entries are returned during online verification, leading it to potentially select the wrong one. It allows an attacker to...