3 matches found
Denial Of Service (DoS)
github.com/notaryproject/notation is vulnerable to Denial of Service DoS attacks. The vulnerability is due to the maxSignatureAttempts in verify.go, which allows an attacker to cause denial of service by submitting endless signature data...
GHSA-RVRX-RRWH-R9P6 Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running notation verify. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade the...
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running notation verify. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade the...