Hyperledger Ursa 0.1.0 for Rust
Approved changes feed: RSS · Atom
cpe:2.3:a:hyperledger:ursa:0.1.0:*:*:*:*:rust:*:*
part: a version: 0.1.0 update: *
| Vendor | Hyperledger (619acd7a-fe8a-59d2-9a70-2faf1d5c7fe4) |
|---|---|
| Product | Ursa (d3c37b04-6a21-5fa7-958a-fb8c001a2f56) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | rust |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:cargo/ursa |
purl2cpe | 2026-06-01 10:12:18.553554 |
pkg:github/hyperledger-archives/ursa |
purl2cpe | 2026-06-01 10:12:18.553557 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-22192 |
vulnerable | 2026-06-08 06:29:34.068653 |
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
MEDIUM (6.5)
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
Published: 2024-01-16T21:44:53.121Z
Updated: 2025-06-16T19:46:20.983Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21670 |
vulnerable | 2026-06-08 06:27:36.327262 |
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
MEDIUM (6.5)
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
Published: 2024-01-16T21:44:05.572Z
Updated: 2024-08-01T22:27:35.720Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.