slsa-verifier vulnerable to mproper validation of npm's publish attestations
Summary slsa-verifier<=2.4.0 does not correctly verify npm's publish attestations signature. Proof of concept Steps to reproduce: curl -Sso attestations.json $(npm view @trishankatdatadog/supreme-goggles –json | jq -r '.dist.attestations.url') curl -Sso supreme-goggles.tgz "$(npm view @trishankatdatadog/supreme-goggles –json | jq -r '.dist.tarball')" In attestations.json, take the value addressed by the jq selector .attestations[0].bundle.dsseEnvelope.payload, base64decode it, tamper with it, base64encode that, and replace the original value with that. Save the file as attestations_tampered.json. Here is …