VYPR

Go modules package

github.com/notaryproject/notation

pkg:golang/github.com/notaryproject/notation

Vulnerabilities (3)

  • CVE-2024-23332MedJan 19, 2024
    affected <= 1.0.0

    The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide ou

  • CVE-2023-33958MedJun 6, 2023
    affected < 1.0.0-rc.6fixed 1.0.0-rc.6

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same

  • CVE-2023-33957LowJun 6, 2023
    affected < 1.0.0-rc.6fixed 1.0.0-rc.6

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the sam