github.com/notaryproject/notation-go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to exhaust memory through the signature verification component, either resulting in high memory load or an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/notaryproject/notation-go | le | v1.0.0-rc.2 | |
github.com/notaryproject/notation-go | le | v1.0.0-rc.2 |
github.com/notaryproject/notation-go/commit/5e5cba1e9adfae950c9610951565d2b8b7b03ccc
github.com/notaryproject/notation-go/commit/920ded24402b2727dedb6eb59d8d98ca4997c0e8
github.com/notaryproject/notation-go/pull/262
github.com/notaryproject/notation-go/pull/271
github.com/notaryproject/notation-go/releases/tag/v1.0.0-rc.3
github.com/notaryproject/notation-go/security/advisories/GHSA-87x9-7grx-m28v