aries-cloudagent@0.3.2 vulnerabilities

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

latest version

0.12.1
latest non vulnerable version

1.0.0rc3
first published

5 years ago
latest version published

15 days ago
licenses detected
- Apache-2.0
  [0,)
View aries-cloudagent package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the aries-cloudagent package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Improper Authentication aries-cloudagent is a Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Affected versions of this package are vulnerable to Improper Authentication due to faulty verification of the `document.proof` during the presentation process. An attacker can manipulate the presentation of credentials to appear as verified despite the presence of errors or mismatches in the challenge, potentially leading to unauthorized access or actions. How to fix Improper Authentication? Upgrade `aries-cloudagent` to version 0.10.5, 0.11.0 or higher.	[,0.10.5) [0.11.0rc1,0.11.0)

Improper Authentication

aries-cloudagent is a Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

Affected versions of this package are vulnerable to Improper Authentication due to faulty verification of the document.proof during the presentation process. An attacker can manipulate the presentation of credentials to appear as verified despite the presence of errors or mismatches in the challenge, potentially leading to unauthorized access or actions.

How to fix Improper Authentication?

Upgrade aries-cloudagent to version 0.10.5, 0.11.0 or higher.

[,0.10.5) [0.11.0rc1,0.11.0)

Go back to all versions of this package

aries-cloudagent@0.3.2 vulnerabilities

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities