cosign-fips vulnerabilities

Known vulnerabilities in the cosign-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L GHSA-w32m-9786-jp63	<2.4.1-r3
L CVE-2024-45338	<2.4.1-r3
L CVE-2024-45337	<2.4.1-r2
L GHSA-v778-237x-gjrc	<2.4.1-r2
L Improper Handling of Exceptional Conditions	<2.4.1-r1
L GHSA-29wx-vh33-7x7r	<2.4.1-r1
L GHSA-4f8r-qqr9-fq8j	<2.4.0-r4
L Race Condition	<2.4.0-r4
L GHSA-c77r-fh37-x2px	<2.4.0-r3
H Authentication Bypass	<2.4.0-r3
L CVE-2024-34158	<2.4.0-r2
L GHSA-cq38-jh5f-37mq	<2.4.0-r2
L CVE-2024-34156	<2.4.0-r2
L GHSA-j7vj-rw65-4v26	<2.4.0-r2
L CVE-2024-34155	<2.4.0-r2
L GHSA-crqm-pwhx-j97f	<2.4.0-r2
L GHSA-8xfx-rj4p-23jm	<2.4.0-r2
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.4.0-r2
L GHSA-v23v-6jw2-98fq	<2.3.0-r1
L CVE-2024-41110	<2.3.0-r1
L CVE-2024-24791	<2.2.4-r6
L GHSA-hw49-2p59-3mhj	<2.2.4-r6
L GHSA-v6v8-xj6m-xwqh	<2.2.4-r5
M Information Exposure Through Log Files	<2.2.4-r5
M Race Condition	<2.2.4-r4
L GHSA-m5vv-6r4h-3vj9	<2.2.4-r4
L GHSA-49gw-vxvf-fc2g	<2.2.4-r3
L GHSA-236w-p7wf-5ph8	<2.2.4-r3
C CVE-2024-24790	<2.2.4-r3
M CVE-2024-24789	<2.2.4-r3
L CVE-2024-24787	<2.2.4-r2
L CVE-2024-24788	<2.2.4-r2
L GHSA-2jwv-jmq4-4j3r	<2.2.4-r2
L GHSA-5fq7-4mxc-535h	<2.2.4-r2
L GHSA-4v7x-pqxf-cx7m	<2.2.4-r1
L CVE-2023-45288	<2.2.4-r1
H Origin Validation Error	<2.2.3-r4
L GHSA-xw73-rw38-6vjc	<2.2.3-r4
L CVE-2024-28180	<2.2.3-r2
L GHSA-8r3f-844c-mc37	<2.2.3-r3
L CVE-2024-24786	<2.2.3-r3
L GHSA-c5q2-7r4c-mv6g	<2.2.3-r2
L GHSA-9763-4f94-gfch	<2.2.2-r1
L GHSA-2c7c-3mj9-8fqh	<2.2.2-r1
H NULL Pointer Dereference	<2.2.2-r1
M Resource Exhaustion	<2.2.2-r1
L GHSA-7f9x-gw85-8grf	<2.2.2-r1
L GHSA-45x7-px36-x8w8	<2.2.2-r1
M Improper Validation of Integrity Check Value	<2.2.2-r1
L GHSA-pvcr-v8j8-j5q3	<2.2.2-r1

Vulnerability

Vulnerable Version

<2.4.1-r3

<2.4.1-r3

<2.4.1-r2

<2.4.1-r2

Improper Handling of Exceptional Conditions

<2.4.1-r1