VYPR

Go modules package

github.com/in-toto/in-toto-golang

pkg:golang/github.com/in-toto/in-toto-golang

Vulnerabilities (1)

  • CVE-2021-41087Sep 21, 2021
    affected < 0.3.0fixed 0.3.0

    in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISAL