4 matches found
Packistry 代码问题漏洞
Packistry is an open-source, self-hosted Composer repository developed by Packistry. Versions of Packistry prior to 0.13.0 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of token expiration checks, which could lead to unauthorized access...
CVE-2024-31995 zcap has incomplete expiration checks in capability chains.
@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...
CVE-2024-31995 zcap has incomplete expiration checks in capability chains.
@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...
GHSA-HP8H-7X69-4WMV zcap has incomplete expiration checks in capability chains.
Impact When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...