CVE-2026-48815 in sigstore-jsinformación

Resumen

por MITRE • 2026-07-15

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsable

GitHub M

Reservar

2026-05-22

Divulgación

2026-07-15

Moderación

aceptado

Artículo

VDB-379044

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Do you need the next level of professionalism?

Upgrade your account now!