GHSA-45gq-q4xh-cp53
Suggest an improvement- Source
- https://github.com/advisories/GHSA-45gq-q4xh-cp53
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-45gq-q4xh-cp53/GHSA-45gq-q4xh-cp53.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-45gq-q4xh-cp53
- Aliases
- Related
- Published
- 2024-01-30T20:56:48Z
- Modified
- 2025-01-14T12:27:09.725527Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- vantage6 vulnerable to username timing attack
- Details
-
Impact
It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks
Workarounds
No
- Database specific
{ "nvd_published_at": "2024-01-30T16:15:48Z", "github_reviewed_at": "2024-01-30T20:56:48Z", "cwe_ids": [ "CWE-208" ], "severity": "LOW", "github_reviewed": true }- References
-
- https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53
- https://nvd.nist.gov/vuln/detail/CVE-2024-21671
- https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30
- https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-31.yaml
- https://github.com/vantage6/vantage6
Affected packages
PyPI / vantage6-server
Package
- Name
- vantage6-server
- View open source insights on deps.dev
- Purl
- pkg:pypi/vantage6-server
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.0
Affected versions
0.*
0.0.0b0
0.0.0b1
0.0.0b3
0.0.0
1.*
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0b6
1.0.0b7
1.0.0b8
1.0.0b9
1.0.0b11
1.0.0b12
1.0.0b13
1.0.0b14
1.0.0
1.0.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.3.post1
2.*
2.0.0a1
2.0.0a2
2.0.0a3
2.0.0
2.0.0.post1
2.0.1rc1
2.0.1rc2
2.1.0rc1
2.1.0
2.1.1
2.1.2
2.1.3b1
2.1.3b2
2.1.3b3
2.1.3b4
2.2.0b1
2.2.0b2
2.2.0b3
2.2.0b4
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.3.0rc1
2.3.0rc2
2.3.0rc3
2.3.0rc4
2.3.0rc5
2.3.0
2.3.1
2.3.2rc1
2.3.2
2.3.3
2.3.4
2.3.5b1
2.3.5
3.*
3.0.0b1
3.0.0b3
3.0.0b4
3.0.0b5
3.0.0b6
3.0.0b7
3.0.0b8
3.0.0rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0rc1
3.1.0rc5
3.1.0rc6
3.1.0rc7
3.1.0rc8
3.1.0rc9
3.1.0
3.1.1rc1
3.1.1rc2
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0rc4
3.2.0rc5
3.2.0
3.3.0a0
3.3.0rc1
3.3.0rc2
3.3.0rc3
3.3.0rc4
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7a2
3.3.7a3
3.3.7
3.3.8a1
3.3.8a2
3.3.8a4
3.3.8a5
3.3.8a6
3.3.8a7
3.3.8a8
3.4.0a1
3.4.0a2
3.4.0a3
3.4.0a6
3.4.0
3.4.1a0
3.4.1a1
3.4.1a2
3.4.1a3
3.4.1
3.4.2a0
3.4.2
3.4.3
3.5.0rc1
3.5.0rc2
3.5.0rc3
3.5.0
3.5.1
3.5.2
3.6.0
3.6.1rc1
3.6.1rc2
3.6.1rc3
3.6.1
3.7.0rc1
3.7.0rc2
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0rc3
3.8.0
3.8.1
3.8.2rc1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7rc1
3.8.7
3.8.8rc1
3.8.8rc2
3.8.8rc3
3.8.8
3.9.0rc2
3.9.0rc4
3.9.0
3.10.0rc1
3.10.0
3.10.1
3.10.3
3.10.4
3.11.0rc1
3.11.0rc2
3.11.0rc3
3.11.0
3.11.1
4.*
4.0.0a2
4.0.0a3
4.0.0a4
4.0.0a5
4.0.0a6
4.0.0a7
4.0.0a8
4.0.0a9
4.0.0a10
4.0.0
4.0.1rc2
4.0.1
4.0.2
4.0.3
4.1.0b0
4.1.0b1
4.1.0rc0
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0rc1
4.2.0rc2