Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-1?distro=sid
Type deb
Namespace debian
Name golang-github-notaryproject-notation-go
Version 1.3.2-1
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.3.2-2
Latest_non_vulnerable_version 1.3.2-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-t6m1-wsf4-zkdk
vulnerability_id VCID-t6m1-wsf4-zkdk
summary notation-go is a collection of libraries for signing and verifying OCI artifacts, based on the Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack. An attacker could potentially use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by `notation`. This could lead to denial of service scenarios, particularly in CI/CD environments during signature verification processes, because the timestamp signature would fail due to the presence of revoked certificate(s), potentially disrupting operations. This issue has been addressed in release version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56138
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00725
published_at 2026-06-11T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00729
published_at 2026-06-14T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00723
published_at 2026-06-12T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00724
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56138
1
reference_url https://github.com/notaryproject/notation-go
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/notaryproject/notation-go
2
reference_url https://github.com/notaryproject/notation-go/commit/e99be1954a15673020150c5f8800b8174cd7428d
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/notaryproject/notation-go/commit/e99be1954a15673020150c5f8800b8174cd7428d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56138
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56138
4
reference_url https://pkg.go.dev/vuln/GO-2025-3381
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2025-3381
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094409
reference_id 1094409
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094409
6
reference_url https://github.com/notaryproject/notation-go/commit/e7005a6d13e5ba472d4e166fbb085152f909e102
reference_id e7005a6d13e5ba472d4e166fbb085152f909e102
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T00:25:46Z/
url https://github.com/notaryproject/notation-go/commit/e7005a6d13e5ba472d4e166fbb085152f909e102
7
reference_url https://github.com/notaryproject/notation-go/security/advisories/GHSA-45v3-38pc-874v
reference_id GHSA-45v3-38pc-874v
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T00:25:46Z/
url https://github.com/notaryproject/notation-go/security/advisories/GHSA-45v3-38pc-874v
fixed_packages
0
url pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-1?distro=sid
purl pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-1%3Fdistro=sid
1
url pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-2?distro=sid
purl pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-2%3Fdistro=sid
aliases CVE-2024-56138, GHSA-45v3-38pc-874v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6m1-wsf4-zkdk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-notaryproject-notation-go@1.3.2-1%3Fdistro=sid