2 matches found
GHSA-9C54-X2G4-V92J Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality
Impact An unauthenticated remote attacker can trigger unbounded memory growth on the timestamp authority server. This vulnerability exists because the global wrapMetrics middleware records the raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency a...
PT-2026-54445
Name of the Vulnerable Software and Affected Versions Sigstore Timestamp Authority versions prior to v2.0.7 Description An unauthenticated remote attacker can cause unbounded memory growth on the timestamp authority server. The issue occurs because the wrapMetrics middleware records the raw HTTP...