rekor-fips
Chainguard
7.5
CVSS V3
Status
Justification
Impact
Module "sigstore/reko" at "/usr/bin/rekor-server": the commit of the fixed version (d3162350e96098ca8a24adfdbee42057e43b5de6) tagged as v1.0.1 is an ancestor of current installed commit (a6788566cd62facb0fb0450e9d2c2867f551e37c) tagged as v1.3.6, which means the installed version was misidentified by the scanner and the vulnerability has actually been fixed.
Status