49 matches found
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Impact: When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation document.proof was not factored into the final verified value (true/false) on the presentation record. Below is an example result from verifying a JSON-LD...
PT-2024-19011
Name of the Vulnerable Software and Affected Versions: Hyperledger Aries Cloud Agent Python (ACA-Py) versions 0.7.0 through 0.10.4. Description: The issue arises when verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs). The result of verifying the presentation...
PT-2023-31371 · Unknown · Structured Content
Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD versions n/a through 1.5.3. Description: The issue is related to Deserialization of Untrusted Data, which affects the Structured Content JSON-LD plugin. No information is provided about the estimated number of...
PT-2023-31373 · Unknown · Structured Content (Json-Ld) #Wpsc
Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc versions 1.5.3 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which can lead to Stored Cross-site Scripting (XSS). This allows attackers to inject...
Apache Jena Code Execution Vulnerability
Apache Jena is a Java Semantic Web framework from the Apache Foundation (United States), used to build Semantic Web and linked data applications. Apache Jena suffers from a code execution vulnerability that stems from insufficient restrictions on called script functions. An attacker can exploi...
Apache Jena Security Vulnerability
Apache Jena is a Java Semantic Web framework from the Apache Foundation (United States), used to build Semantic Web and linked data applications. Apache Jena suffers from a code execution vulnerability that stems from insufficient restrictions on called script functions. An attacker can exploi...
ProLOD SQL Injection Vulnerability
ProLOD is an open source project from HPI-Information-Systems that contains algorithms for performing data analysis on Linked Data. ProLOD has a SQL injection vulnerability. Attackers exploit this vulnerability to perform SQL injection attacks...
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...
Mastodon Security Vulnerability
Mastodon is an open source social network server based on ActivityPub. Mastodon suffers from a security vulnerability that stems from incorrect access control, as it does not compress incoming signed JSON-LD activities...