Improper Verification of Cryptographic Signature
Overview @sigstore/cli is a Sigstore CLI Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required certificate extension OIDs neve...