VYPR

Notation Go

by Notaryproject

Source repositories

CVEs (6)

  • CVE-2023-33959HigJun 6, 2023
    risk 0.47cvss 8.3epss 0.00

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to…

  • CVE-2023-25656HigFeb 20, 2023
    risk 0.42cvss 7.5epss 0.00

    notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus…

  • CVE-2023-33958MedJun 6, 2023
    risk 0.28cvss 5.4epss 0.00

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the…

  • CVE-2024-56138MedJan 13, 2025
    risk 0.19cvss 4.0epss 0.00

    notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the…

  • CVE-2024-51491LowJan 13, 2025
    risk 0.14cvss 3.3epss 0.00

    notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the…

  • CVE-2023-33957LowJun 6, 2023
    risk 0.10cvss 2.6epss 0.01

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the…