Vulnerability Report: GO-2022-0758
- CVE-2022-35929, GHSA-vjxv-45g9-9296
- Affects: github.com/sigstore/cosign
- Published: Nov 09, 2023
Improper verification of signature attestations in github.com/sigstore/cosign
For detailed information about this vulnerability, visit https://github.com/sigstore/cosign/security/advisories/GHSA-vjxv-45g9-9296.
Affected Packages
-
PathVersionsSymbols
-
before v1.10.1
Aliases
References
- https://github.com/sigstore/cosign/security/advisories/GHSA-vjxv-45g9-9296
- https://github.com/sigstore/cosign/commit/c5fda01a8ff33ca981f45a9f13e7fb6bd2080b94
- https://vuln.go.dev/ID/GO-2022-0758.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.