Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service from high number of artifact signatures in notation
Vulnerability Description
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Notation 资源管理错误漏洞
Vulnerability Description
Notation是Notary Project开源的一个用于支持符号符号、验证、推送和拉取 oci 工件的库集合。 Notation v1.0.0-rc.6之前版本存在资源管理错误漏洞,该漏洞源于如果用户在同一台机器上运行 notation inspect 命令,攻击者可以破坏注册表并导致机器拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A