{"id":"GO-2025-3381","summary":"notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go","details":"notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go","aliases":["CVE-2024-56138","GHSA-45v3-38pc-874v"],"modified":"2026-02-04T02:27:41.243063Z","published":"2025-01-14T15:57:58Z","related":["CGA-fhf8-fh2w-vggp"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3381"},"references":[{"type":"ADVISORY","url":"https://github.com/notaryproject/notation-go/security/advisories/GHSA-45v3-38pc-874v"},{"type":"FIX","url":"https://github.com/notaryproject/notation-go/commit/e99be1954a15673020150c5f8800b8174cd7428d"}],"affected":[{"package":{"name":"github.com/notaryproject/notation-go","ecosystem":"Go","purl":"pkg:golang/github.com/notaryproject/notation-go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.2.0-beta.1"},{"fixed":"1.3.0-rc.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3381.json"}}],"schema_version":"1.7.3"}