Vulnerability Report: GO-2022-0998
- CVE-2022-36056, GHSA-8gw7-4j42-w388
- Affects: github.com/sigstore/cosign
- Published: Nov 09, 2023
- Modified: May 20, 2024
Improper blob verification in github.com/sigstore/cosign
For detailed information about this vulnerability, visit https://github.com/sigstore/cosign/security/advisories/GHSA-8gw7-4j42-w388.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.12.0
-
before v1.12.0
Aliases
References
- https://github.com/sigstore/cosign/security/advisories/GHSA-8gw7-4j42-w388
- https://github.com/sigstore/cosign/commit/80b79ed8b4d28ccbce3d279fd273606b5cddcc25
- https://github.com/sigstore/cosign/releases/tag/v1.12.0
- https://vuln.go.dev/ID/GO-2022-0998.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.