An attacker who controls or compromises a registry can lead a user to verify the wrong artifact.
{ "url": "https://pkg.go.dev/vuln/GO-2023-1832", "review_status": "REVIEWED" }
{ "imports": [ { "path": "github.com/notaryproject/notation-go", "symbols": [ "Sign", "Verify" ] } ] }