Notation-go Security Vulnerabilities and Issues — Notation-go CVE List

Lucene search

NotaryprojectNotation-go

7 matches found

CVE•added 2023/06/06 7:15 p.m.•317 views

CVE-2023-33959

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users...

8.8CVSS8.4AI score0.0011EPSS

CVE•added 2023/02/20 4:15 p.m.•314 views

CVE-2023-25656

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is impac...

7.5CVSS7.4AI score0.00111EPSS

CVE•added 2025/01/13 10:15 p.m.•183 views

CVE-2024-56138

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificate(s) used to ge...

4CVSS4.2AI score0.00018EPSS

CVE•added 2023/06/06 7:15 p.m.•45 views

CVE-2023-33957

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The prob...

5.7CVSS4.6AI score0.00041EPSS

CVE•added 2023/06/06 7:15 p.m.•37 views

CVE-2023-33958

6.5CVSS5.9AI score0.00068EPSS

CVE•added 2025/01/13 10:15 p.m.•31 views

CVE-2024-51491

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature.After retrieving the CRL, notation-go attem...

3.3CVSS3.9AI score0.00019EPSS

CVE•added 2024/01/19 11:15 p.m.•23 views

CVE-2024-23332

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of ...

6.8CVSS6.6AI score0.00036EPSS