3 matches found
CVE-2022-21707
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly WASM actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...
CVE-2022-21707 Incorrect Authorization in wasmCloud
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly WASM actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...
CVE-2022-21707
CVE-2022-21707 affects wasmCloud Host Runtime. In versions prior to 0.52.2, actor capability claims are not verified on inbound invocations, allowing unauthorized invocations from linked capability providers and weakening the actor security model. The issue is fixed in 0.52.2 and later; there is ...