rpm package
opensuse/rekor&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/rekor&distro=openSUSE%20Leap%2015.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-33199 | — | < 1.2.1-150400.4.12.1 | 1.2.1-150400.4.12.1 | May 26, 2023 | Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client re | ||
| CVE-2023-30551 | — | < 1.1.1-150400.4.9.1 | 1.1.1-150400.4.9.1 | May 8, 2023 | Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can |
- CVE-2023-33199May 26, 2023affected < 1.2.1-150400.4.12.1fixed 1.2.1-150400.4.12.1
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client re
- CVE-2023-30551May 8, 2023affected < 1.1.1-150400.4.9.1fixed 1.1.1-150400.4.9.1
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can