Vulnerabilities > Sigstore

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-45395 Infinite Loop vulnerability in Sigstore Sigstore-Go
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects.
network
low complexity
sigstore CWE-835
7.5
2023-11-10 CVE-2023-47122 Unspecified vulnerability in Sigstore Gitsign 0.6.0/0.7.0/0.7.1
Gitsign is software for keyless Git signing using Sigstore.
network
high complexity
sigstore
5.3
2023-11-07 CVE-2023-46737 Infinite Loop vulnerability in Sigstore Cosign
Cosign is a sigstore signing tool for OCI containers.
network
low complexity
sigstore CWE-835
5.3
2022-09-14 CVE-2022-36056 Unspecified vulnerability in Sigstore Cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure.
local
low complexity
sigstore
5.5
2022-08-04 CVE-2022-35930 Unspecified vulnerability in Sigstore Policy Controller 0.1.0/0.2.0
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters.
network
low complexity
sigstore
8.8
2022-08-04 CVE-2022-35929 Unspecified vulnerability in Sigstore Cosign
cosign is a container signing and verification utility.
network
low complexity
sigstore
critical
9.8
2022-02-18 CVE-2022-23649 Unspecified vulnerability in Sigstore Cosign
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project.
local
low complexity
sigstore
3.3