Skip to content

[🐸 Frogbot] Update version of github.com/sigstore/rekor to 1.5.2#71

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
frogbot-github.com/sigstore/rekor-25725674af15338b5a01ba9b95377b71
Open

[🐸 Frogbot] Update version of github.com/sigstore/rekor to 1.5.2#71
github-actions[bot] wants to merge 1 commit into
mainfrom
frogbot-github.com/sigstore/rekor-25725674af15338b5a01ba9b95377b71

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
high
High
CVE-2026-48702 Not Covered github.com/sigstore/rekor:v1.5.1 github.com/sigstore/rekor v1.5.1 [1.5.2]

🔖 Details

Vulnerability Details

Contextual Analysis: Not Covered
Direct Dependencies: github.com/sigstore/rekor:v1.5.1
Impacted Dependency: github.com/sigstore/rekor:v1.5.1
Fixed Versions: [1.5.2]
CVSS V3: 7.5

Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant