vantage6-server@4.10.0rc1 vulnerabilities

Vantage6 server

  • latest version

    4.11.0

  • first published

    5 years ago

  • latest version published

    23 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the vantage6-server package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • Severity: M (medium)
    Brute Force

    vantage6-server is a Vantage6 server

    Affected versions of this package are vulnerable to Brute Force because the password-change route applies no rate limiting. The route verifies the supplied current password on every call, so an attacker who holds an authenticated session but does not know the password can call it an unlimited number of times, submitting candidate passwords until one is accepted, then set a new password and take over the account.

    How to fix Brute Force?

    Upgrade vantage6-server to version 4.11.0rc2 or higher.

    [,4.11.0rc2)
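As an added illustration (this is example code written for this page, not vantage6's own handler or the fix that shipped in 4.11.0rc2), the following shows a password-change check in the vulnerable shape beside one with a per-account failure budget. The PBKDF2 hashing, the `AttemptLimiter` class, the constructed user store and the guess list are all assumptions for the demonstration.

```python
"""Added example, not vantage6 code: a password-change check with and
without a per-account failure budget, to show how an unlimited verify
loop turns the route into a password oracle for whoever holds the session."""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque
from typing import Callable, Dict


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an illustrative choice here, not vantage6's scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def new_store() -> Dict[str, dict]:
    """Constructed single-user store; each scenario gets a fresh copy."""
    salt = os.urandom(16)
    return {"alice": {"salt": salt, "hash": _hash("correct-horse", salt)}}


def _verify(users: dict, username: str, password: str) -> bool:
    rec = users[username]
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])


def _set_password(users: dict, username: str, password: str) -> None:
    salt = os.urandom(16)
    users[username] = {"salt": salt, "hash": _hash(password, salt)}


def change_password_unlimited(users, username, old_password, new_password) -> str:
    """Vulnerable shape: every call re-verifies the supplied current password
    and nothing counts failures, so the caller can iterate guesses freely."""
    if not _verify(users, username, old_password):
        return "wrong password"
    _set_password(users, username, new_password)
    return "changed"


class AttemptLimiter:
    """Sliding-window count of failed attempts per account. In-memory only;
    a multi-worker deployment would keep this in a shared store."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 900,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self._failures: Dict[str, deque] = defaultdict(deque)

    def _live(self, key: str) -> deque:
        # Drop timestamps older than the window, return what remains.
        q = self._failures[key]
        cutoff = self.clock() - self.window
        while q and q[0] < cutoff:
            q.popleft()
        return q

    def is_locked(self, key: str) -> bool:
        return len(self._live(key)) >= self.max_failures

    def record_failure(self, key: str) -> None:
        self._live(key).append(self.clock())

    def reset(self, key: str) -> None:
        self._failures.pop(key, None)


def change_password_limited(users, limiter, username, old_password, new_password) -> str:
    """Hardened shape: refuse before touching the verifier once the budget
    is spent, count each failure, and clear the counter only on success."""
    if limiter.is_locked(username):
        return "locked"
    if not _verify(users, username, old_password):
        limiter.record_failure(username)
        return "wrong password"
    limiter.reset(username)
    _set_password(users, username, new_password)
    return "changed"


# Constructed guess list; the real password is the last entry.
GUESSES = ["password", "123456", "letmein", "qwerty", "admin", "welcome", "correct-horse"]


def run_guesses(handler: Callable[[str, str], str], guesses) -> dict:
    """Drive a handler as the attacker would; report how many guesses were
    actually verified and whether the real password was reached."""
    verified = 0
    for guess in guesses:
        result = handler(guess, "attacker-chosen")
        if result == "locked":
            break
        verified += 1
        if result == "changed":
            return {"verified": verified, "found": guess}
    return {"verified": verified, "found": None}


def demo_unlimited() -> dict:
    users = new_store()
    return run_guesses(lambda old, new: change_password_unlimited(users, "alice", old, new), GUESSES)


def demo_limited() -> dict:
    users = new_store()
    limiter = AttemptLimiter(max_failures=5, window_seconds=900)
    return run_guesses(lambda old, new: change_password_limited(users, limiter, "alice", old, new), GUESSES)


if __name__ == "__main__":
    print("no limit:", demo_unlimited())   # all 7 guesses verified, password found
    print("limited: ", demo_limited())     # 5 guesses verified, then locked
```

The check runs before the password verifier so a locked account costs the server nothing per request, and the counter is keyed by account rather than by client IP, since the attacker here already holds a valid session and can trivially change source address. A per-account lockout is a denial-of-service lever in its own right, which is why the window is bounded and the counter clears on success.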
    • Severity: M (medium)
    Insecure Randomness

    vantage6-server is a Vantage6 server

    Affected versions of this package are vulnerable to Insecure Randomness in the configure_flask function: the secret key it auto-generates is predictable, so an attacker can determine it and forge valid security tokens. This allows them to bypass authentication and gain unauthorized access to the system.

    How to fix Insecure Randomness?

    Upgrade vantage6-server to version 4.11.0rc2 or higher.

    [,4.11.0rc2)
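To make the consequence concrete, here is an added example (written for this page, not vantage6 code; the page does not say how the affected configure_flask derived its key) of what "predictable secret key" buys an attacker: the key is recovered from one captured token by replaying the generator over a bounded search space, then used to sign a token with elevated claims. The time-seeded `weak_secret_key`, the minimal HMAC token format standing in for a JWT, and the constructed boot time and claims are all assumptions.

```python
"""Added example, not vantage6 code: recovering a predictable auto-generated
secret key from one captured token and forging another, next to a correct
generator. The weak generator below is an ASSUMED stand-in for "predictable";
the page does not say how the affected configure_flask derived its key."""
import base64
import hashlib
import hmac
import json
import random
import secrets
from typing import Optional


def weak_secret_key(start_time: int) -> bytes:
    """Assumed weak generator: non-cryptographic PRNG seeded with a coarse
    server start time. Whoever can bound that time has a tiny search space."""
    rng = random.Random(start_time)
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_secret_key() -> bytes:
    """Correct generator: 32 bytes from the OS CSPRNG. Generate once, store it
    in the server configuration, and never regenerate it silently on boot."""
    return secrets.token_bytes(32)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(key: bytes, claims: dict) -> str:
    """Minimal HMAC-SHA256 bearer token (claims.mac); stands in for the JWT a
    Flask app signs with SECRET_KEY and has the same dependence on the key."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"


def verify_token(key: bytes, token: str) -> Optional[dict]:
    body, sig = token.split(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    return json.loads(_unb64(body))


def recover_weak_key(captured: str, window_start: int, window_end: int) -> Optional[bytes]:
    """Attacker side: replay the weak generator over every candidate start
    second and keep the key under which the captured token validates."""
    for t in range(window_start, window_end + 1):
        candidate = weak_secret_key(t)
        if verify_token(candidate, captured) is not None:
            return candidate
    return None


def demo_forgery() -> dict:
    """Constructed scenario: the server booted at a second the attacker can
    only place within a two-hour window; the attacker holds one ordinary token."""
    boot = 1_700_000_000 + 4_321
    server_key = weak_secret_key(boot)
    captured = sign_token(server_key, {"sub": "alice", "role": "researcher"})
    key = recover_weak_key(captured, 1_700_000_000, 1_700_000_000 + 7_200)
    forged = sign_token(key, {"sub": "alice", "role": "root"})
    return {"key_recovered": key == server_key,
            "server_accepts_forgery": verify_token(server_key, forged)}


if __name__ == "__main__":
    print(demo_forgery())
```

The search cost is a few thousand HMACs, which is why any key derived from wall-clock time, process id, hostname or a non-cryptographic PRNG is recoverable offline from a single token. The same search fails against `strong_secret_key`, whose 256 bits of OS entropy leave nothing to enumerate; the remaining operational requirement is that the key be persisted in configuration, because a key regenerated on every restart invalidates all issued tokens and tempts operators back toward deterministic derivation.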