PT-2022-15054 · Unknown · Wasmcloud Host Runtime

Brooksmtownsend +1 · Published 2022-01-21 · Updated 2023-07-24 · CVE-2022-21707

CVSS v3.1: 6.3 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

wasmCloud Host Runtime versions prior to 0.52.2

Description

The issue affects the security model of actors in the wasmCloud Host Runtime, allowing them to bypass capability authorization. Normally, actors are required to declare their capabilities for inbound invocations. However, due to this problem, actor capability claims are not verified upon receiving invocations, which compromises the security model. This enables actors to receive unauthorized invocations from linked capability providers.

Recommendations

For versions prior to 0.52.2, upgrade to version 0.52.2 or greater as soon as possible, as there is no workaround available.

Weakness Enumeration

Incorrect Authorization
Missing Authorization

Related Identifiers

CVE-2022-21707
GHSA-2CMX-RR54-88G5

Affected Products

Wasmcloud Host Runtime