Impact
A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.
Patches
This is fixed in v1.2.0 of Rekor.
Workarounds
No
References
Discovered by OSS-Fuzz
Impact
A malformed proposed entry of the
intoto/v0.0.2type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.Patches
This is fixed in v1.2.0 of Rekor.
Workarounds
No
References
Discovered by OSS-Fuzz