Gitsign versions before 0.16.0 verify signatures by re-encoding git commit or tag objects using go-git's EncodeWithoutSignature function rather than verifying signatures against the raw git object bytes. For malformed git objects containing duplicate tree headers, git-core and go-git parse different trees: git-core uses the first tree header, while go-git uses the second. An attacker can craft a signature over the go-git-normalized form (second tree), which gitsign accepts as valid, but git-core resolves the commit to a different tree. This discrepancy breaks the fundamental security invariant that a verified signature, the commit semantics presented to users, and the logged object hash all refer to the same content. The vulnerability is addressed in gitsign version 0.16.0.

This vulnerability allows an attacker to create a signature that gitsign verifies as valid while the actual commit content interpreted by git-core differs. This undermines the trust in signed git commits, potentially allowing malicious commits to appear legitimately signed and verified. There is no indication of confidentiality or availability impact. No known exploits are reported in the wild.

Upgrade gitsign to version 0.16.0 or later, where this signature verification issue is fixed. Since no official patch links or vendor advisory are provided, confirm the upgrade from the official sigstore gitsign release notes or repository. Patch status is not explicitly confirmed in the provided data; therefore, check the vendor advisory for the latest remediation guidance.