7 matches found
EUVD-2024-3484
Malicious code in bioql PyPI...
CVE-2024-54140
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
GHSA-JP26-88MW-89QR sigstore-java has a vulnerability with bundle verification
Summary sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. Impact This bug impacts clients using any variation of KeylessVerifier.verify Currently checkpoints are only used to ensure the root hash of an inclusion proof was...
sigstore-java has a vulnerability with bundle verification
Summary sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. Impact This bug impacts clients using any variation of KeylessVerifier.verify Currently checkpoints are only used to ensure the root hash of an inclusion proof was...
CVE-2024-54140 sigstore-java has a vulnerability with bundle verification
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
CVE-2024-54140 sigstore-java has a vulnerability with bundle verification
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
PT-2024-36069 · Unknown · Sigstore-Java
Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to 1.2.0 Description: The issue is related to insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This affects clients using any variation of...