PT-2023-35498 · Unknown · X509-Validation
Published 2023-07-19 · Updated 2025-11-14
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
x509-validation versions prior to 1.4.8
Description
The library fails to enforce the pathLenConstraint value, so a CA constrained by it can potentially issue certificates below the maximum depth. This could lead to the acceptance of certificates issued by unauthorized intermediate CAs.
Recommendations
For versions prior to 1.4.8, update to version 1.4.8 or later to enforce the pathLenConstraint value and prevent the acceptance of certificates issued by unauthorized intermediate CAs.
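The path-length check that pathLenConstraint calls for, following the max_path_length steps of RFC 5280 section 6.1.4, shown as an added example. It is not code from x509-validation; the `Cert` model, the function name and the sample chains are constructed for illustration, and signature and name checks are out of scope.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Cert:
    # Simplified, constructed model: only the fields the depth check needs.
    subject: str
    issuer: str
    is_ca: bool = False
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint, if present


def check_path_length(path: List[Cert]) -> Optional[str]:
    """Return None if the path respects every pathLenConstraint, else a reason.

    `path` is ordered from the certificate issued by the trust anchor down to
    the end-entity certificate (the anchor itself is not part of the path).
    """
    max_path_length = len(path)          # RFC 5280 6.1.2: initialised to n
    for cert in path[:-1]:               # every certificate except the last is a CA
        if not cert.is_ca:
            return f"{cert.subject}: issuer certificate is not a CA"
        if cert.subject != cert.issuer:  # self-issued certificates do not count
            if max_path_length <= 0:
                return f"{cert.subject}: exceeds pathLenConstraint set higher in the path"
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len  # constraints can only tighten the limit
    return None


# Constructed sample chains. "Root" is the trust anchor and is not listed.
CONSTRAINED = Cert("Intermediate A", "Root", is_ca=True, path_len=0)
SUB_CA = Cert("Sub CA B", "Intermediate A", is_ca=True)

ALLOWED = [CONSTRAINED, Cert("leaf.example", "Intermediate A")]
TOO_DEEP = [CONSTRAINED, SUB_CA, Cert("leaf.example", "Sub CA B")]

if __name__ == "__main__":
    for name, chain in (("ALLOWED", ALLOWED), ("TOO_DEEP", TOO_DEEP)):
        print(name, "->", check_path_length(chain) or "ok")
```

A validator that skips this step accepts the `TOO_DEEP` chain, which is the behaviour the description above reports for versions prior to 1.4.8.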
Related Identifiers
Affected Products
X509-Validation