GO-2026-4309
- Source
- https://pkg.go.dev/vuln/GO-2026-4309
- Import Source
- https://vuln.go.dev/ID/GO-2026-4309.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2026-4309
- Aliases
-
- BIT-cosign-2026-22703
- CVE-2026-22703
- GHSA-whqx-f9j3-ch6m
- Published
- 2026-01-13T16:42:40Z
- Modified
- 2026-01-13T17:11:59.830586Z
- Summary
- Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
- Details
-
Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2026-4309", "review_status": "UNREVIEWED" }- References
Affected packages
Go / github.com/sigstore/cosign
Package
- Name
- github.com/sigstore/cosign
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/sigstore/cosign
Go / github.com/sigstore/cosign/v2
Package
- Name
- github.com/sigstore/cosign/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/sigstore/cosign/v2
Go / github.com/sigstore/cosign/v3
Package
- Name
- github.com/sigstore/cosign/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/sigstore/cosign/v3