Vulnerabilities > Sigstore
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-04 | CVE-2024-45395 | Infinite Loop vulnerability in Sigstore Sigstore-Go sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. | 7.5 |
2023-11-10 | CVE-2023-47122 | Unspecified vulnerability in Sigstore Gitsign 0.6.0/0.7.0/0.7.1 Gitsign is software for keyless Git signing using Sigstore. | 5.3 |
2023-11-07 | CVE-2023-46737 | Infinite Loop vulnerability in Sigstore Cosign Cosign is a sigstore signing tool for OCI containers. | 5.3 |
2022-09-14 | CVE-2022-36056 | Unspecified vulnerability in Sigstore Cosign Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. | 5.5 |
2022-08-04 | CVE-2022-35930 | Unspecified vulnerability in Sigstore Policy Controller 0.1.0/0.2.0 PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. | 8.8 |
2022-08-04 | CVE-2022-35929 | Unspecified vulnerability in Sigstore Cosign cosign is a container signing and verification utility. | 9.8 |
2022-02-18 | CVE-2022-23649 | Unspecified vulnerability in Sigstore Cosign Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. | 3.3 |