GHSA-97x9-59rv-q5pm
CRITICALHyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
aries-cloudagent🐍aries-cloudagentReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects PyPI packages — download data is not available via public APIs for these ecosystems.
Description
Impact
When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation document.proof was not factored into the final verified value (true/false) on the presentation record. Below is an example result from verifying a JSON-LD Presentation where there is an error noted in the processing (mismatched challenge), but the overall result is incorrectly "verified": true:
{
"verified": true,
"presentation_result": {
"verified": false,
"document": {
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": [
"VerifiablePresentation"
],
"verifiableCredential": [
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/citizenship/v1"
],
"type": [
"VerifiableCredential",
"PermanentResident"
],
"issuer": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
"issuanceDate": "2023-11-18",
"credentialSubject": {
"type": [
"PermanentResident"
],
"id": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
"givenName": "Bob",
"familyName": "Builder",
"gender": "Male",
"birthCountry": "Bahamas",
"birthDate": "1958-07-17"
},
"proof": {
"type": "Ed25519Signature2018",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
"created": "2023-11-18T21:39:56.988853+00:00",
"jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA"
}
}
],
"proof": {
"type": "Ed25519Signature2018",
"proofPurpose": "authentication",
"verificationMethod": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C#z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
"created": "2023-11-18T21:39:59.188276+00:00",
"challenge": "ce0956d4-206d-4b69-a087-52bbb9ddaf1d",
"jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..4ciLzT3oF-Ch9nngGVgI_fBNIo_RPPXzRuFXjMx4AdwVNM4ioeB3TNDbHsF7fPXANznkZR0bHceyvMN3-CUSAw"
}
},
"results": [
{
"verified": false,
"proof": {
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": "Ed25519Signature2018",
"proofPurpose": "authentication",
"verificationMethod": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C#z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
"created": "2023-11-18T21:39:59.188276+00:00",
"challenge": "ce0956d4-206d-4b69-a087-52bbb9ddaf1d",
"jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..4ciLzT3oF-Ch9nngGVgI_fBNIo_RPPXzRuFXjMx4AdwVNM4ioeB3TNDbHsF7fPXANznkZR0bHceyvMN3-CUSAw"
},
"error": "The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969",
"purpose_result": {
"valid": false,
"error": "The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969"
}
}
],
"errors": [
"The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969"
]
},
"credential_results": [
{
"verified": true,
"document": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/citizenship/v1"
],
"type": [
"VerifiableCredential",
"PermanentResident"
],
"issuer": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
"issuanceDate": "2023-11-18",
"credentialSubject": {
"type": [
"PermanentResident"
],
"id": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
"givenName": "Bob",
"familyName": "Builder",
"gender": "Male",
"birthCountry": "Bahamas",
"birthDate": "1958-07-17"
},
"proof": {
"type": "Ed25519Signature2018",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
"created": "2023-11-18T21:39:56.988853+00:00",
"jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA"
}
},
"results": [
{
"verified": true,
"proof": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/citizenship/v1"
],
"type": "Ed25519Signature2018",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
"created": "2023-11-18T21:39:56.988853+00:00",
"jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA"
},
"purpose_result": {
"valid": true,
"controller": {
"@context": "https://w3id.org/security/v2",
"id": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
"assertionMethod": [
"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1"
],
"authentication": [
{
"id": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
"type": "Ed25519VerificationKey2018",
"controller": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
"publicKeyBase58": "8dMkWKZxsK7vS8sR4XgS7gWvRawPp5TMYVFvnU2RyXqo"
}
],
"verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
"https://www.w3.org/ns/did#service": {
"id": "did:sov:EzcfrVw7Tveho5NjrmDWnd#did-communication",
"type": "did-communication",
"https://www.w3.org/ns/did#serviceEndpoint": {
"id": "http://alice:3000"
}
}
}
}
}
]
}
],
"errors": [
"The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969"
]
}
The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own.
This vulnerability has been present since the first implementation of support for JSON-LD W3C Verifiable Credential Data Model presentations, in Aries Cloud Agent Python release in 0.7.0.
All ACA-Py Users depending on W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs are impacted by this vulnerability.
Patches
This issue has been patched in version 0.10.5 and fixed in 0.11.0.
Workarounds
There is no workaround other upgrading to a patched/fixed version of ACA-Py.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐍PyPI | aries-cloudagent | ≥ 0.7.0&&< 0.10.5 | 0.10.5 |
| 🐍PyPI | aries-cloudagent | ≥ 0.11.0rc1&&< 0.11.0 | 0.11.0 |
Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for aries-cloudagent. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update aries-cloudagent to 0.10.5 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-97x9-59rv-q5pm is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-97x9-59rv-q5pm is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-97x9-59rv-q5pm. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-97x9-59rv-q5pm in your dependencies?
O3 detects GHSA-97x9-59rv-q5pm across PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.