PT-2020-21433 · Vp Toolkit · Vp-Toolkit

Published 2020-03-06 · Updated 2020-03-06

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

vp-toolkit versions prior to 0.2.2

Description

The verifyVerifiableCredential() method does not check whether the credential.issuer DID matches the signer of the credential, which impacts the verifier.

Recommendations

For versions prior to 0.2.2, update to version 0.2.2 to resolve the issue. As a temporary workaround, if you are a verifier and trust certain issuers, consider trusting the issuer's public key from the credential.proof.verificationMethod field for certain credentials.
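One way a verifier could apply the workaround while still running an affected version, shown as an added example that is not vp-toolkit code: pin a public key per trusted issuer and require credential.proof.verificationMethod to equal it before accepting the signature. Ed25519, the did:example values, the signatureValue field and all function names are assumptions made for the demonstration.

```javascript
// Added example, not vp-toolkit code. Ed25519 stands in for the library's
// signature scheme; DIDs, helper names and signatureValue are assumptions.
const nodeCrypto = require("node:crypto");

// Constructed sample data: the trusted issuer's key pair and an unrelated one.
const issuerKeys = nodeCrypto.generateKeyPairSync("ed25519");
const otherKeys = nodeCrypto.generateKeyPairSync("ed25519");
const exportKey = (k) => k.export({ type: "spki", format: "der" }).toString("base64");

// Verifier-side pin list: issuer DID -> public key the verifier trusts.
const TRUSTED_ISSUERS = new Map([["did:example:issuer-a", exportKey(issuerKeys.publicKey)]]);

// Bytes covered by the signature: every field except the proof (simplified).
function payload(credential) {
  const { issuer, credentialSubject } = credential;
  return Buffer.from(JSON.stringify({ issuer, credentialSubject }));
}

function issue(issuerDid, subject, keys) {
  const credential = { issuer: issuerDid, credentialSubject: subject };
  credential.proof = {
    verificationMethod: exportKey(keys.publicKey),
    signatureValue: nodeCrypto.sign(null, payload(credential), keys.privateKey).toString("base64"),
  };
  return credential;
}

// Signature-only check: proves possession of the key named in the proof,
// but says nothing about whether that key belongs to credential.issuer.
function signatureIsValid(credential) {
  const der = Buffer.from(credential.proof.verificationMethod, "base64");
  const key = nodeCrypto.createPublicKey({ key: der, format: "der", type: "spki" });
  const sig = Buffer.from(credential.proof.signatureValue, "base64");
  return nodeCrypto.verify(null, payload(credential), key, sig);
}

// Workaround: the key in the proof must be the one pinned for this issuer.
function verifyWithPinnedIssuer(credential) {
  const pinned = TRUSTED_ISSUERS.get(credential.issuer);
  if (pinned === undefined || pinned !== credential.proof.verificationMethod) return false;
  return signatureIsValid(credential);
}

const subject = { id: "did:example:holder" };
const genuine = issue("did:example:issuer-a", subject, issuerKeys);
const mismatched = issue("did:example:issuer-a", subject, otherKeys); // issuer field and signer differ
const unknownIssuer = issue("did:example:issuer-z", subject, otherKeys);
```

Both `genuine` and `mismatched` pass `signatureIsValid`, which is the gap the description refers to; only `genuine` passes `verifyWithPinnedIssuer`.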

Related Identifiers

GHSA-P94W-42G3-F7H4

Affected Products

Vp-Toolkit