Description
When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period.
Recommendation
Update the @digitalbazaar/zcap package to the latest compatible version. Followings are version details:
- Affected version(s): < 9.0.1
- Patched version(s): 9.0.1
References
Related Issues
- vue-i18n has cross-site scripting vulnerability with prototype pollution - CVE-2024-52809
- Trix has a cross-site Scripting vulnerability on copy & paste - CVE-2024-43368
- vue-i18n has cross-site scripting vulnerability with prototype pollution - vue-i18n - CVE-2024-52809
- vue-i18n has cross-site scripting vulnerability with prototype pollution - @intlify/vue-i18n-core - CVE-2024-52809
You might also like:
- Tags:
- npm
- @digitalbazaar/zcap
Anything's wrong? Let us know Last updated on April 21, 2024


