
7 matches found

Veracode
added 2024/04/15 5:27 a.m., 16 views

Insufficient Session Expiration

@digitalbazaar/zcap is vulnerable to Insufficient Session Expiration. This vulnerability is due to improper validation of the expires property when invoking a capability with a chain depth of 2, allowing invocations outside the intended period...

CVSS 4.3 | AI score 6.7 | EPSS 0.00152
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2024/04/10 9:57 p.m., 16 views

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

CVSS 4.3 | AI score 4.8 | EPSS 0.00152
Exploits: 0 | References: 4
OSV
added 2024/04/10 9:57 p.m., 13 views

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

CVSS 4.3 | AI score 4.8 | EPSS 0.00152
Exploits: 0 | References: 6
Vulnrichment
added 2024/04/10 9:57 p.m., 14 views

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

CVSS 4.3 | AI score 6.7 | EPSS 0.00152
Exploits: 0 | References: 4
Github Security Blog
added 2024/04/10 5:16 p.m., 12 views

zcap has incomplete expiration checks in capability chains.

Impact: When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...

CVSS 4.3 | AI score 7 | EPSS 0.00152
Exploits: 0 | References: 6 | Affected Software: 1
vulnersOsv
added 2024/04/10 5:16 p.m., 2 views

@bedrock/did-io (>=7.0.0 <=10.1.0), @bedrock/edv-storage (>=14.0.0 <=15.2.0) +29 more potentially affected by CVE-2024-31995 via @digitalbazaar/zcap (>=7.2.2 <=8.0.0)

@digitalbazaar/zcap NPM version =7.2.2, =7.0.0, =14.0.0, =13.0.0, =7.0.0, =6.0.0, =16.0.0, =15.0.0, =5.1.0, =4.0.0, =1.0.0, =2.0.0, =15.0.0, =5.0.0, =2.0.0, =5.0.0, =7.0.0 and more Source cves: CVE-2024-31995 Source advisory: OSV:GHSA-HP8H-7X69-4WMV...

CVSS 4.3 | AI score 5.8 | EPSS 0.00152
Exploits: 0
OSV
added 2024/04/10 5:16 p.m., 11 views

GHSA-HP8H-7X69-4WMV zcap has incomplete expiration checks in capability chains.

Impact: When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...

CVSS 4.3 | AI score 4.4 | EPSS 0.00152
Exploits: 0 | References: 6