Vulnerabilities > Sigstore

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-04	CVE-2024-45395	Infinite Loop vulnerability in Sigstore Sigstore-Go sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. network low complexity sigstore CWE-835	7.5
2023-11-10	CVE-2023-47122	Improper Verification of Cryptographic Signature vulnerability in Sigstore Gitsign 0.6.0/0.7.0/0.7.1 Gitsign is software for keyless Git signing using Sigstore. network high complexity sigstore CWE-347	5.3
2023-11-07	CVE-2023-46737	Infinite Loop vulnerability in Sigstore Cosign Cosign is a sigstore signing tool for OCI containers. network low complexity sigstore CWE-835	5.3
2022-02-18	CVE-2022-23649	Improper Certificate Validation vulnerability in Sigstore Cosign Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. local low complexity sigstore CWE-295	2.1

Vulnerabilities > Sigstore {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sigstore"}]}