Homepage

dev.sigstore:sigstore-java@1.1.0 vulnerabilities

  • latest version

    1.2.0

  • latest non vulnerable version

    1.2.0

  • first published

    2 years ago

  • latest version published

    7 days ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the dev.sigstore:sigstore-java package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Improper Input Validation

    Affected versions of this package are vulnerable to Improper Input Validation through the KeylessVerifier.verify process. An attacker can manipulate the verification process by altering the checkpoint signature in the bundle.

    Note: sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.

    How to fix Improper Input Validation?

    Upgrade dev.sigstore:sigstore-java to version 1.2.0 or higher.

    [,1.2.0)
    Go back to all versions of this package