GO-2023-2332
See a problem?- Source
- https://pkg.go.dev/vuln/GO-2023-2332
- Import Source
- https://vuln.go.dev/ID/GO-2023-2332.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2023-2332
- Aliases
- Published
- 2024-08-21T14:30:22Z
- Modified
- 2024-08-21T14:56:43.303844Z
- Summary
- Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign
- Details
-
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign
- References
-
- https://github.com/sigstore/gitsign/security/advisories/GHSA-xvrc-2wvh-49vc
- https://nvd.nist.gov/vuln/detail/CVE-2023-47122
- https://github.com/sigstore/gitsign/commit/cd66ccb03c86a3600955f0c15f6bfeb75f697236
- https://github.com/sigstore/gitsign/pull/399
- https://docs.sigstore.dev/about/threat-model/#sigstore-threat-model
Affected packages
Go / github.com/sigstore/gitsign
Package
- Name
- github.com/sigstore/gitsign
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/sigstore/gitsign