Vulnerability Report: GO-2022-1045
- CVE-2022-39237, GHSA-m5m3-46gj-wch8
- Affects: github.com/sylabs/sif/v2
- Published: Oct 21, 2022
- Modified: Jun 12, 2023
The Singularity Image Format (SIF) reference implementation does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.
For detailed information about this vulnerability, visit https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8.
Affected Packages
-
PathVersionsSymbols
-
before v2.8.1
Aliases
References
- https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
- https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa
- https://vuln.go.dev/ID/GO-2022-1045.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.