2 matches found
CVE-2026-48815
Summary of CVE-2026-48815 : In sigstore-js, the documented certificateOIDs option in sigstore.verify() is accepted by the public API before verification but discarded during verification, causing certificate extension OIDs to not be checked. This allows applications to accept unauthorized certifi...
SUSE CVE-2024-45395
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...