Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Docker Notary 安全漏洞
Vulnerability Description
Docker Notary是美国Docker公司的一套用于发布和管理可信内容集合的工具。 Docker Notary 0.1之前版本中的gotuf/signed/verify.go文件存在安全漏洞。攻击者可通过将RSA-PSS密钥强制解析成Ed25519 elliptic-curve数据利用该漏洞伪造签名。
CVSS Information
N/A
Vulnerability Type
N/A