VULNRABLE / Vulnerability / GHSA-9r4w-jg96-92mv
GHSA-9r4w-jg96-92mv
MEDIUM github.com/google/go-attestation GHSA
CVSS Score
5.5
Severity
MEDIUM
EPSS
—
Source
GHSA
Summary
Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()
What this means
GHSA-9r4w-jg96-92mv is a medium-severity vulnerability affecting github.com/google/go-attestation, rated CVSS 5.5. Published June 12, 2026.
View full advisory at GHSA →