VYPR

Go modules package

github.com/sigstore/sigstore-go

pkg:golang/github.com/sigstore/sigstore-go

Vulnerabilities (1)

  • CVE-2024-45395Sep 4, 2024
    affected < 0.6.1fixed 0.6.1

    sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparen