8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.2%
An attacker who controls or compromises a registry can lead a user to verify the wrong artifact.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/notaryproject/notation-go | lt | 1.0.0-rc.6 |
github.com/notaryproject/notation-go/commit/39c8ed050a65cca3f3f308534acb612096735a64
github.com/notaryproject/notation-go/commit/eba60f5aed9c9e05dee55324423c95fe34700b4c
github.com/notaryproject/notation-go/releases/tag/v1.0.0-rc.6
github.com/notaryproject/notation-go/security/advisories/GHSA-xhg5-42rf-296r