3 matches found
Insufficient Session Expiration
@digitalbazaar/zcap is vulnerable to Insufficient Session Expiration. This vulnerability is due to improper validation of the expires property when invoking a capability with a chain depth of 2, allowing invocations outside the intended period...
CVE-2024-31995 zcap has incomplete expiration checks in capability chains.
@digitalbazaar/zcap provides a JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...
@bedrock/did-io (>=7.0.0 <=10.1.0), @bedrock/edv-storage (>=14.0.0 <=15.2.0) +29 more potentially affected by CVE-2024-31995 via @digitalbazaar/zcap (>=7.2.2 <=8.0.0)
@digitalbazaar/zcap NPM version =7.2.2, =7.0.0, =14.0.0, =13.0.0, =7.0.0, =6.0.0, =16.0.0, =15.0.0, =5.1.0, =4.0.0, =1.0.0, =2.0.0, =15.0.0, =5.0.0, =2.0.0, =5.0.0, =7.0.0 and more
Source cves: CVE-2024-31995
Source advisory: OSV:GHSA-HP8H-7X69-4WMV...