Go modules package
github.com/anchore/quill
pkg:golang/github.com/anchore/quill
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31961 | — | < 0.7.1 | 0.7.1 | Mar 11, 2026 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is mos | ||
| CVE-2026-31960 | — | < 0.7.1 | 0.7.1 | Mar 11, 2026 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, | ||
| CVE-2026-31959 | — | < 0.7.1 | 0.7.1 | Mar 11, 2026 | Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API re |
- CVE-2026-31961Mar 11, 2026affected < 0.7.1fixed 0.7.1
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is mos
- CVE-2026-31960Mar 11, 2026affected < 0.7.1fixed 0.7.1
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service,
- CVE-2026-31959Mar 11, 2026affected < 0.7.1fixed 0.7.1
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API re