12 matches found

ATTACKERKB
added 2026/01/23 12:4 a.m., 4 views

CVE-2026-24137

The sigstore framework is a common Go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS 5.8, AI score 5.5, EPSS 0.0037
Exploits 0, References 4, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-2773

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.00441
Exploits 0, References 7

Tenable Nessus
added 2025/04/18 12:0 a.m., 11 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2025:1333-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1333-1 advisory. - CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to l...

CVSS 8.7, AI score 7.3, EPSS 0.00868
Exploits 2, References 19

OSV
added 2024/09/06 8:43 p.m., 8 views

GO-2024-3116 sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go...

CVSS 7.5, AI score 5.2, EPSS 0.00441
Exploits 0, References 6

Veracode
added 2024/09/05 6:28 a.m., 7 views

Denial Of Service (DoS)

sigstore-go is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of limits on the amount of verifiable data that can be included in a Sigstore Bundle, which allows excessive resource consumption during the verification process...

CVSS 7.5, AI score 7.3, EPSS 0.00441
Exploits 0, References 6, Affected Software 1

NVD
added 2024/09/04 9:15 p.m., 11 views

CVE-2024-45395

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVSS 7.5, EPSS 0.00441
Exploits 0, References 5

Github Security Blog
added 2024/09/04 8:18 p.m., 16 views

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack

Impact: sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...

CVSS 7.5, AI score 6.7, EPSS 0.00441
Exploits 0, References 7, Affected Software 1

Vulnrichment
added 2024/09/04 8:15 p.m., 10 views

CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVSS 3.1, AI score 6.9, EPSS 0.00441
Exploits 0, References 5

Cvelist
added 2024/09/04 8:15 p.m., 16 views

CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVSS 3.1, EPSS 0.00441
Exploits 0, References 5

CVE
added 2024/09/04 8:15 p.m., 274 views

CVE-2024-45395

Sigstore-go versions before 0.6.1 are vulnerable to an Endless data attack when verifying Sigstore Bundles containing large amounts of verifiable data (signed transparency log entries, RFC 3161 timestamps, attestation subjects). The issue causes high CPU usage and can disrupt verification process...

CVSS 7.5, AI score 5.3, EPSS 0.00441
Exploits 0, References 5, Affected Software 1

OSV
added 2024/09/04 8:15 p.m., 9 views

CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVSS 3.1, AI score 6.3, EPSS 0.00441
Exploits 0, References 7

CNNVD
added 2024/09/04 12:0 a.m., 3 views

sigstore-go security vulnerability

sigstore-go is an open-source client library for Sigstore. A security vulnerability exists in sigstore-go versions prior to 0.6.1, which stems from the processing of maliciously constructed Sigstore Bundles containing large amounts of verifiable data that can lead to excessive CPU...

CVSS 7.5, AI score 6.3, EPSS 0.00441
Exploits 0, References 7