reports-server
Chainguard
7.5
CVSS V3
Status
Impact
Remediating this vulnerability requires upgrading github.com/sigstore/fulcio from v1.4.5 to 1.8.3. Because fulcio is a transitive dependency of github.com/sigstore/cosign, the issue is addressed in cosign version v3.0.3, which updates this dependency. However, upgrading to github.com/sigstore/cosign v3.0.3 currently results in build failures.
Status