PYSEC-2026-2008

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/vantage6-server/PYSEC-2026-2008.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2008
Aliases
Published
2026-07-07T11:45:31.678545Z
Modified
2026-07-07T17:57:01.554426828Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
vantage6 vulnerable to username timing attack
Details

Impact

It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks

Workarounds

No

References

Affected packages

PyPI / vantage6-server

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.0

Affected versions

0.*
0.0.0b0
0.0.0b1
0.0.0b3
0.0.0
1.*
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0b6
1.0.0b7
1.0.0b8
1.0.0b9
1.0.0b11
1.0.0b12
1.0.0b13
1.0.0b14
1.0.0
1.0.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.3.post1
2.*
2.0.0a1
2.0.0a2
2.0.0a3
2.0.0
2.0.0.post1
2.0.1rc1
2.0.1rc2
2.1.0rc1
2.1.0
2.1.1
2.1.2
2.1.3b1
2.1.3b2
2.1.3b3
2.1.3b4
2.2.0b1
2.2.0b2
2.2.0b3
2.2.0b4
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.3.0rc1
2.3.0rc2
2.3.0rc3
2.3.0rc4
2.3.0rc5
2.3.0
2.3.1
2.3.2rc1
2.3.2
2.3.3
2.3.4
2.3.5b1
2.3.5
3.*
3.0.0b1
3.0.0b3
3.0.0b4
3.0.0b5
3.0.0b6
3.0.0b7
3.0.0b8
3.0.0rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0rc1
3.1.0rc5
3.1.0rc6
3.1.0rc7
3.1.0rc8
3.1.0rc9
3.1.0
3.1.1rc1
3.1.1rc2
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0rc4
3.2.0rc5
3.2.0
3.3.0a0
3.3.0rc1
3.3.0rc2
3.3.0rc3
3.3.0rc4
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7a2
3.3.7a3
3.3.7
3.3.8a1
3.3.8a2
3.3.8a4
3.3.8a5
3.3.8a6
3.3.8a7
3.3.8a8
3.4.0a1
3.4.0a2
3.4.0a3
3.4.0a6
3.4.0
3.4.1a0
3.4.1a1
3.4.1a2
3.4.1a3
3.4.1
3.4.2a0
3.4.2
3.4.3
3.5.0rc1
3.5.0rc2
3.5.0rc3
3.5.0
3.5.1
3.5.2
3.6.0
3.6.1rc1
3.6.1rc2
3.6.1rc3
3.6.1
3.7.0rc1
3.7.0rc2
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0rc3
3.8.0
3.8.1
3.8.2rc1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7rc1
3.8.7
3.8.8rc1
3.8.8rc2
3.8.8rc3
3.8.8
3.9.0rc2
3.9.0rc4
3.9.0
3.10.0rc1
3.10.0
3.10.1
3.10.3
3.10.4
3.11.0rc1
3.11.0rc2
3.11.0rc3
3.11.0
3.11.1
4.*
4.0.0a2
4.0.0a3
4.0.0a4
4.0.0a5
4.0.0a6
4.0.0a7
4.0.0a8
4.0.0a9
4.0.0a10
4.0.0
4.0.1rc2
4.0.1
4.0.2
4.0.3
4.1.0b0
4.1.0b1
4.1.0rc0
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0rc1
4.2.0rc2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/vantage6-server/PYSEC-2026-2008.yaml"