Notation's default maxSignatureAttempts in notation verify enables an endless data attack in github.com/notaryproject/notation
maxSignatureAttempts
notation verify
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-1831" }