VDB
KO

GO-2024-2472

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Details

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/notaryproject/notation
Introduced in: 0

No fixed version published yet for github.com/notaryproject/notation (go modules). Pin to a known-safe version or switch to an alternative.

References