Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/vantage6@4.1.0
Typepypi
Namespace
Namevantage6
Version4.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.11.0
Latest_non_vulnerable_version4.11.0
Affected_by_vulnerabilities
0
url VCID-cc7t-us5t-ffbb
vulnerability_id VCID-cc7t-us5t-ffbb
summary vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.
references
0
reference_url https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw
fixed_packages
0
url pkg:pypi/vantage6@4.11.0
purl pkg:pypi/vantage6@4.11.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.11.0
aliases CVE-2025-43863, GHSA-j6g5-p62x-58hw, PYSEC-2025-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cc7t-us5t-ffbb
1
url VCID-hdj5-dmqq-cqdp
vulnerability_id VCID-hdj5-dmqq-cqdp
summary The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.
references
0
reference_url https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30
1
reference_url https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21671
reference_id CVE-2024-21671
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-21671
3
reference_url https://github.com/advisories/GHSA-45gq-q4xh-cp53
reference_id GHSA-45gq-q4xh-cp53
reference_type
scores
url https://github.com/advisories/GHSA-45gq-q4xh-cp53
fixed_packages
0
url pkg:pypi/vantage6@4.2.0
purl pkg:pypi/vantage6@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cc7t-us5t-ffbb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.2.0
aliases CVE-2024-21671, GHSA-45gq-q4xh-cp53, PYSEC-2024-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdj5-dmqq-cqdp
2
url VCID-sgwu-s2e9-7qbp
vulnerability_id VCID-sgwu-s2e9-7qbp
summary The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
references
0
reference_url https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd
1
reference_url https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21649
reference_id CVE-2024-21649
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-21649
3
reference_url https://github.com/advisories/GHSA-w9h2-px87-74vx
reference_id GHSA-w9h2-px87-74vx
reference_type
scores
url https://github.com/advisories/GHSA-w9h2-px87-74vx
fixed_packages
0
url pkg:pypi/vantage6@4.2.0
purl pkg:pypi/vantage6@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cc7t-us5t-ffbb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.2.0
aliases CVE-2024-21649, GHSA-w9h2-px87-74vx, PYSEC-2024-30
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgwu-s2e9-7qbp
3
url VCID-tjnd-7tza-1fay
vulnerability_id VCID-tjnd-7tza-1fay
summary The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.
references
0
reference_url https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
1
reference_url https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22193
reference_id CVE-2024-22193
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-22193
3
reference_url https://github.com/advisories/GHSA-rjmv-52mp-gjrr
reference_id GHSA-rjmv-52mp-gjrr
reference_type
scores
url https://github.com/advisories/GHSA-rjmv-52mp-gjrr
fixed_packages
0
url pkg:pypi/vantage6@4.2.0
purl pkg:pypi/vantage6@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cc7t-us5t-ffbb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.2.0
aliases CVE-2024-22193, GHSA-rjmv-52mp-gjrr, PYSEC-2024-32
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjnd-7tza-1fay
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.1.0