4 matches found

OSV
added 2026/02/23 6:23 p.m., 4 views

GO-2026-4529 Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign

3.7 CVSS, 5.3 AI score, 0.00197 EPSS
Exploits 2, References 4

OSV
added 2024/06/05 3:10 p.m., 10 views

GO-2024-2719 Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign

7.5 CVSS, 5.6 AI score, 0.00851 EPSS
Exploits 1, References 6

Veracode
added 2024/04/15 9:2 a.m., 21 views

Denial Of Service (DOS)

github.com/sigstore/cosign is vulnerable to a Denial of Service (DoS). The vulnerability is due to allocating excessive memory when creating slices based on the number of signatures, manifests, or attestations in untrusted artifacts. This flaw allows an attacker to trigger a Denial of Service via...

7.5 CVSS, 4.2 AI score, 0.00851 EPSS
Exploits 1, References 7, Affected Software 1

Veracode
added 2023/11/08 6:51 a.m., 13 views

Denial Of Service

github.com/sigstore/cosign is vulnerable to Denial of Service (DoS). The vulnerability arises due to a lack of validation of the "l" slice in the FetchAttestations method. An attacker who controls a remote registry can return a huge number of attestations to cosign and cause cosign to enter into an endle...

5.3 CVSS, 7 AI score, 0.0064 EPSS
Exploits 1, References 2, Affected Software 2