sigstore-java has a vulnerability with bundle verification
sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint.
Advisories for Maven/Dev.sigstore/Sigstore-Java package
2024
sigstore-java has vulnerability with bundle verification
sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log