Affected by GO-2023-1829
and 2 other vulnerabilities
GO-2023-1829: Notation vulnerable to denial of service from high number of artifact signatures in github.com/notaryproject/notation
GO-2023-1831: Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack in github.com/notaryproject/notation
GO-2024-2472: Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry