Vulnerabilities in sigstore

29 results
CVE             Severity  EPSS  Title
CVE-2023-30551  HIGH      1.1%  Rekor's compressed archives can result in OOM conditions
CVE-2024-29903  MEDIUM    0.9%  Cosign vulnerable to machine-wide denial of service via malicious artifacts
CVE-2023-33199  MEDIUM    0.7%  malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
CVE-2024-29902  MEDIUM    0.7%  Cosign vulnerable to system-wide denial of service via malicious attachments
CVE-2023-46737  LOW       0.6%  Possible endless data attack from attacker-controlled registry in cosign
CVE-2022-35929  HIGH      0.5%  False positive signature verification in cosign
CVE-2022-35930  HIGH      0.5%  Ability to bypass attestation verification in sigstore PolicyController
CVE-2024-45395  LOW       0.4%  Unbounded loop over untrusted input can lead to endless data attack
CVE-2025-66564  HIGH      0.4%  Sigstore Timestamp Authority allocates excessive memory during request parsing
CVE-2026-23831  MEDIUM    0.4%  Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message
CVE-2026-24137  MEDIUM    0.4%  sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
CVE-2023-47122  MEDIUM    0.4%  Gitsign's Rekor public keys fetched from upstream API instead of local TUF client
CVE-2026-24117  MEDIUM    0.3%  Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
CVE-2026-39395  MEDIUM    0.2%  Cosign's verify-blob-attestation reports false positive when payload parsing fails
CVE-2024-55655  LOW       0.2%  sigstore-python has insufficient validation of integration timestamp during verification
CVE-2026-22772  MEDIUM    0.2%  Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass
CVE-2026-31830  HIGH      0.2%  sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
CVE-2024-54140  LOW       0.2%  sigstore-java has a vulnerability with bundle verification
CVE-2026-24122  LOW       0.2%  Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
CVE-2025-66506  HIGH      0.2%  Fulcio allocates excessive memory during token parsing