Description
Rekor's goal is to provide an immutable, tamper-resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered, so the client receives a 500 error message and the service continues running; the availability impact is therefore minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.2.0 (excluding)
cpe:2.3:a:linuxfoundation:rekor:*:*:*:*:*:*:*:*
EPSS
Percentile: 30%
Score: 0.00111
Low
CVSS3: 5.3 Medium
Weaknesses
CWE-617
Related vulnerabilities
CVSS3: 5.3
msrc
more than 2 years ago
malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
CVSS3: 5.3
debian
more than 2 years ago
Rekor's goals are to provide an immutable tamper resistant ledger of m ...
CVSS3: 5.3
github
more than 2 years ago
malformed proposed intoto entries can cause a panic