{"id":"GO-2026-5778","summary":"Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor","details":"Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor","aliases":["CVE-2026-48702","GHSA-47q9-m4ww-924m"],"modified":"2026-07-08T15:29:22.973101404Z","published":"2026-07-07T15:26:32Z","related":["CGA-6mjq-v293-wr6f"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-5778","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/sigstore/rekor/security/advisories/GHSA-47q9-m4ww-924m"}],"affected":[{"package":{"name":"github.com/sigstore/rekor","ecosystem":"Go","purl":"pkg:golang/github.com/sigstore/rekor"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.3.0"},{"fixed":"1.5.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-5778.json"}}],"schema_version":"1.7.5"}