malformed proposed intoto entries can cause a panic
Moderate severity • GitHub Reviewed • Published May 26, 2023 in sigstore/rekor • Updated Nov 4, 2023
Impact
A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered, so the client receives a 500 error message and the service continues to run; the availability impact is therefore minimal.
Patches
This is fixed in v1.2.0 of Rekor.
Workarounds
No
References
Discovered by OSS-Fuzz