sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-3116" }