CVE-2026-48815 in sigstore-js情報

要約

〜によって MITRE • 2026年07月15日

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

責任者

GitHub M

予約する

2026年05月22日

モデレーション

承諾済み

エントリ

VDB-379044

EPSS

0.00000

アクティビティ

非常低い

ソース

Want to stay up to date on a daily basis?

Enable the mail alert feature now!