@digitalbazaar/zcap/.../zcap@7.2.0 vulnerabilities

Authorization Capabilities reference implementation.

  • latest version

    9.0.1

  • latest non vulnerable version

  • first published

    2 years ago

  • latest version published

    8 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @digitalbazaar/zcap package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Insufficient Session Expiration

    @digitalbazaar/zcap is an Authorization Capabilities reference implementation.

    Affected versions of this package are vulnerable to Insufficient Session Expiration due to incomplete expiration checks in capability chains. When invoking a capability with a chain depth of 2, i.e., one that is delegated directly from the root capability, the expires property is not properly checked against the current date or another date parameter. This can allow invocations outside of the originally intended time period. However, a zcap still cannot be invoked without being able to use the associated private key material.

    How to fix Insufficient Session Expiration?

    Upgrade @digitalbazaar/zcap to version 9.0.1 or higher.

    Vulnerable versions: <9.0.1