Skip to content

[🐸 Frogbot] Update version of github.com/sigstore/sigstore-go to 1.2.0#76

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
frogbot-github.com/sigstore/sigstore-go-5b0ace57fbb355adb247d6b38f3122e7
Open

[🐸 Frogbot] Update version of github.com/sigstore/sigstore-go to 1.2.0#76
github-actions[bot] wants to merge 1 commit into
mainfrom
frogbot-github.com/sigstore/sigstore-go-5b0ace57fbb355adb247d6b38f3122e7

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
medium
Medium
CVE-2026-49834 Not Covered github.com/sigstore/rekor-tiles/v2:v2.2.1
github.com/sigstore/sigstore-go:v1.1.4
github.com/sigstore/sigstore-go v1.1.4 [1.2.0]

🔖 Details

Vulnerability Details

Contextual Analysis: Not Covered
Direct Dependencies: github.com/sigstore/rekor-tiles/v2:v2.2.1, github.com/sigstore/sigstore-go:v1.1.4
Impacted Dependency: github.com/sigstore/sigstore-go:v1.1.4
Fixed Versions: [1.2.0]
CVSS V3: 5.9

sigstore-go has a multi-log threshold bypass via single compromised log


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant