Home > Vulnerability Database > WS-2020-0046

Mend.io Vulnerability Database

WS-2020-0046

Good to know:

Date: November 3, 2024

verifyVerifiablePresentation() method check the cryptographic integrity of the Verifiable Presentation, but it does not check if the credentialSubject.id DID matches the signer of the VP proof. leading the verifier to be impacted by the vulnerability.

Language: JS

Severity Score

6.5

Related Resources (4)

Url: https://github.com/rabobank-blockchain/vp-toolkit/commit/18a7db84d3265c6ffa10ef63eb37ae1bd4ba192b

Url: https://github.com/rabobank-blockchain/vp-toolkit/security/advisories/GHSA-ff5x-w9wg-h275

Url: https://github.com/rabobank-blockchain/vp-toolkit/issues/14

Url: https://www.mend.io/vulnerability-database/WS-2020-0046

Severity Score

6.5

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version 0.2.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0046

Good to know:

Date: November 3, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?