CVE-2026-24117
- EPSS 0.04%
- Published 22.01.2026 22:16:21
- Last modified 02.02.2026 15:07:44
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can t...
CVE-2026-23831
- EPSS 0.04%
- Published 22.01.2026 21:26:22
- Last modified 02.02.2026 15:06:43
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing a nil pointer dereference. Function...
CVE-2023-33199
- EPSS 0.11%
- Published 26.05.2023 23:15:18
- Last modified 21.11.2024 08:05:06
Rekor's goals are to provide an immutable, tamper-resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread...
CVE-2023-30551
- EPSS 0.42%
- Published 08.05.2023 16:15:09
- Last modified 21.11.2024 08:00:24
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JA...