Name of the Vulnerable Software and Affected Versions vp-toolkit versions prior to 0.2.2

Description The verifyVerifiablePresentation() method does not check if the credentialSubject.id DID matches the signer of the VP proof, impacting the verifier.

Recommendations For versions prior to 0.2.2, as a temporary workaround, consider computing the address out of the verifiablePresentation.proof.n.verificationMethod using getAddressFromPubKey() from crypt-util@0.1.5 and matching it with the credentialSubject.id address from the credential. Update to version 0.2.2 to resolve the issue.