VYPR

rpm package

opensuse/python-sigstore&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-sigstore&distro=openSUSE%20Tumbleweed

Vulnerabilities (1)

  • CVE-2026-24408Jan 26, 2026
    affected < 4.2.0-1.1fixed 4.2.0-1.1

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authe