Go modules package
github.com/notaryproject/notation
pkg:golang/github.com/notaryproject/notation
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23332 | Med | 4.0 | | <= 1.0.0 | — | Jan 19, 2024 | The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide ou |
| CVE-2023-33958 | Med | 5.4 | | < 1.0.0-rc.6 | 1.0.0-rc.6 | Jun 6, 2023 | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same |
| CVE-2023-33957 | Low | 2.6 | | < 1.0.0-rc.6 | 1.0.0-rc.6 | Jun 6, 2023 | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the sam |