GHSA-796p-j2gh-9m2q
dcap-qvl has Missing Verification for QE Identity
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
dcap-qvl📦@phala/dcap-qvl📦@phala/dcap-qvl-web📦@phala/dcap-qvl-node🐍dcap-qvlReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects crates.io, npm packages — download data is not available via public APIs for these ecosystems.
Description
Impact
This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl.
The library fetches QE Identity collateral (including qe_identity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. However, it skips to verify the QE Identity signature against its certificate chain and does not enforce policy constraints on the QE Report.
Consequences
An attacker can forge the QE Identity data to whitelist a malicious or non-Intel Quoting Enclave. This allows the attacker to forge the QE and sign untrusted quotes that the verifier will accept as valid. Effectively, this bypasses the entire remote attestation security model, as the verifier can no longer trust the entity responsible for signing the quotes.
Who is impacted
All deployments utilizing the dcap-qvl library for SGX or TDX quote verification are affected.
Patches
The vulnerability has been patched in dcap-qvl version 0.3.9. The fix implements the missing cryptographic verification for the QE Identity signature and enforces the required checks for MRSIGNER, ISVPRODID, and ISVSVN against the QE Report.
Users of the @phala/dcap-qvl-node and @phala/dcap-qvl-web packages should switch to the pure JavaScript implementation, @phala/dcap-qvl.
Workarounds
There are no known workarounds for this vulnerability. Users must upgrade to the patched version to ensure that QE Identity collateral is properly verified.
Credit
This bug was reported by Rahul Saxena [email protected].
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🦀crates.io | dcap-qvl | all versions | 0.3.9 |
| 📦npm | @phala/dcap-qvl | all versions | 0.3.9 |
| 📦npm | @phala/dcap-qvl-web | all versions | No fix |
| 📦npm | @phala/dcap-qvl-node | all versions | No fix |
| 🐍PyPI | dcap-qvl | all versions | 0.3.9 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for dcap-qvl. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update dcap-qvl to 0.3.9 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-796p-j2gh-9m2q is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-796p-j2gh-9m2q is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-796p-j2gh-9m2q. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-796p-j2gh-9m2q in your dependencies?
O3 detects GHSA-796p-j2gh-9m2q across crates.io, npm, PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.