CVE-2024-23332

MEDIUM4.0EPSS 0.04%

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

發布日:2024/1/19修改日:2026/3/3

描述

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

受影響套件(2)

Go/github.com/notaryproject/notationfrom 0, <= 1.0.0
Go/github.com/notaryproject/notationfrom 0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-23332
PATCHhttps://github.com/notaryproject/specifications
WEBhttps://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a
WEBhttps://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8