Vulnerability Report: GO-2024-2472

CVE-2024-23332, GHSA-57wx-m636-g3g8
Affects: github.com/notaryproject/notation
Published: Jun 28, 2024
Unreviewed

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

For detailed information about this vulnerability, visit https://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8 or https://nvd.nist.gov/vuln/detail/CVE-2024-23332.

Affected Modules

Path

Go Versions
github.com/notaryproject/notation

all versions, no known fixed

Aliases

CVE-2024-23332
GHSA-57wx-m636-g3g8

References

https://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8
https://nvd.nist.gov/vuln/detail/CVE-2024-23332
https://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a
https://vuln.go.dev/ID/GO-2024-2472.json

Feedback

This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL