CVE-2024-56138
CVE-2024-56138 affects notion-go, a library for signing/verifying OCI artifacts. The timestamp signature generation path did not verify the revocation status of certificates in the TSA chain, enabling a potential MITM-era countersignature that could be stored by notation and cause CI/CD signature...