Closed 8e8b2c closed 3 weeks ago
This recent work on allowing for multiple authorities overlooked that ExternalIdAttestations weren't being constrained by recipes - as such, falsified/untrusted external IDs can be trivially injected into recipe executions.