{"id":"GO-2026-4672","summary":"Quill has DoS via unbounded read of HTTP response body during notarization in github.com/anchore/quill","details":"Quill has DoS via unbounded read of HTTP response body during notarization in github.com/anchore/quill","aliases":["CVE-2026-31960","GHSA-g32c-4pvp-769g"],"modified":"2026-03-23T04:52:52.822493Z","published":"2026-03-12T20:57:37Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4672"},"references":[{"type":"ADVISORY","url":"https://github.com/anchore/quill/security/advisories/GHSA-g32c-4pvp-769g"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31960"},{"type":"FIX","url":"https://github.com/anchore/quill/commit/9cdb0823ea1d2c45dcc11557f8c5cd7291c75d29"},{"type":"WEB","url":"https://developer.apple.com/documentation/notaryapi/get-submission-log"},{"type":"WEB","url":"https://github.com/anchore/quill/releases/tag/v0.7.1"}],"affected":[{"package":{"name":"github.com/anchore/quill","ecosystem":"Go","purl":"pkg:golang/github.com/anchore/quill"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.7.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4672.json"}}],"schema_version":"1.7.5"}