High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-04	CVE-2024-45395	Infinite Loop vulnerability in Sigstore Sigstore-Go sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. network low complexity sigstore CWE-835	7.5