Go modules package
github.com/notaryproject/notation-go
pkg:golang/github.com/notaryproject/notation-go
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56138 | Med | 4.0 | >= 1.2.0-beta.1, < 1.3.0-rc.2 | 1.3.0-rc.2 | Jan 13, 2025 | notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certif | |
| CVE-2024-51491 | — | >= 1.3.0-rc.1, < 1.3.0-rc.2 | 1.3.0-rc.2 | Jan 13, 2025 | notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CR | ||
| CVE-2023-33959 | — | < 1.0.0-rc.6 | 1.0.0-rc.6 | Jun 6, 2023 | notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-r | ||
| CVE-2023-25656 | — | < 1.0.0-rc.3 | 1.0.0-rc.3 | Feb 20, 2023 | notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus av |
- affected >= 1.2.0-beta.1, < 1.3.0-rc.2fixed 1.3.0-rc.2
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certif
- CVE-2024-51491Jan 13, 2025affected >= 1.3.0-rc.1, < 1.3.0-rc.2fixed 1.3.0-rc.2
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CR
- CVE-2023-33959Jun 6, 2023affected < 1.0.0-rc.6fixed 1.0.0-rc.6
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-r
- CVE-2023-25656Feb 20, 2023affected < 1.0.0-rc.3fixed 1.0.0-rc.3
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus av