Improper verification of signature attestations in github.com/sigstore/cosign
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0758" }
{ "imports": [ { "symbols": [ "VerifyAttestationCommand.Exec" ], "path": "github.com/sigstore/cosign/cmd/cosign/cli/verify" } ] }