{"id":"PYSEC-2023-52","details":"vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. On a failed login, vantage6 does not tell the user that the username/password combination is wrong if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily; since only an existing account can be blocked, that lockout can itself reveal that a username is valid. This issue has been fixed in version 3.8.0.","aliases":["CVE-2022-39228","GHSA-36gx-9q6h-g429"],"modified":"2023-11-08T04:10:15.774659Z","published":"2023-03-01T17:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429"},{"type":"ADVISORY","url":"https://github.com/vantage6/vantage6/pull/281"},{"type":"ADVISORY","url":"https://github.com/vantage6/vantage6/issues/59"},{"type":"FIX","url":"https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2"}],"affected":[{"package":{"name":"vantage6","ecosystem":"PyPI","purl":"pkg:pypi/vantage6"},"ranges":[{"type":"GIT","repo":"https://github.com/vantage6/vantage6","events":[{"introduced":"0"},{"fixed":"ab4381c35d24add06f75d5a8a284321f7a340bd2"}]},{"type":"ECOSYSTEM","events":[{"introduced":"3.3.3"},{"fixed":"3.8.0"}]}],"versions":["3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.7a2","3.3.7a3","3.3.8a1","3.3.8a2","3.3.8a4","3.3.8a5","3.3.8a6","3.3.8a7","3.3.8a8","3.4.0","3.4.0a1","3.4.0a2","3.4.0a3","3.4.0a6","3.4.1","3.4.1a0","3.4.1a1","3.4.1a2","3.4.1a3","3.4.2","3.4.2a0","3.4.3","3.5.0","3.5.0rc1","3.5.0rc2","3.5.0rc3","3.5.1","3.5.2","3.6.0","3.6.1","3.6.1rc1","3.6.1rc2","3.6.1rc3","3.7.0","3.7.0rc1","3.7.0rc2","3.7.1","3.7.2","3.7.3","3.8.0rc3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/vantage6/PYSEC-2023-52.yaml"}}],"schema_version":"1.7.3"}