{"id":"PYSEC-2024-31","details":"vantage6 is a technology for managing and deploying privacy-enhancing technologies such as Federated Learning (FL) and Multi-Party Computation (MPC). Usernames can be discovered from differences in the response time of login requests (a timing side channel), which could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.","aliases":["CVE-2024-21671","GHSA-45gq-q4xh-cp53"],"modified":"2025-01-14T12:27:09.725527Z","published":"2024-01-30T16:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53"},{"type":"FIX","url":"https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30"}],"affected":[{"package":{"name":"vantage6","ecosystem":"PyPI","purl":"pkg:pypi/vantage6"},"ranges":[{"type":"GIT","repo":"https://github.com/vantage6/vantage6","events":[{"introduced":"0"},{"fixed":"389f416c445da4f2438c72f34c3b1084485c4e30"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0"}]}],"versions":["0.0.0","0.0.0b0","0.0.0b1","0.0.0b3","1.0.0","1.0.0a1","1.0.0a2","1.0.0b10","1.0.0b11","1.0.0b12","1.0.0b13","1.0.0b14","1.0.0b2","1.0.0b3","1.0.0b4","1.0.0b5","1.0.0b6","1.0.0b7","1.0.0b8","1.0.0b9","1.1.0","1.1.0rc1","1.1.0rc2","1.2.0","1.2.1","1.2.2","1.2.3","1.2.3.post2","2.0.0","2.0.0.post1","2.0.0a1","2.0.0a2","2.0.0a3","2.0.1rc1","2.0.1rc2","2.1.0","2.1.0rc1","2.1.1","2.2.0","2.2.0b1","2.2.0b2","2.2.0b3","2.2.0b4","2.2.1","2.2.10","2.2.11","2.2.12","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.3.0","2.3.0rc1","2.3.0rc2","2.3.0rc3","2.3.0rc4","2.3.0rc5","2.3.1","2.3.2","2.3.2rc1","2.3.3","2.3.4","2.3.5","2.3.5b1","3.0.0","3.0.0b1","3.0.0b2","3.0.0b3","3.0.0b4","3.0.0b5","3.0.0b6","3.0.0b7","3.0.0b8","3.0.0rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","3.1.0rc1","3.1.0rc5","3.1.0rc6","3.1.0rc7","3.1.0rc8","3.1.0rc9","3.1.1rc1","3.1.1rc2","3.10.0","3.10.0rc1","3.10.1","3.10.3","3.10.4","3.11.0","3.11.0rc1","3.11.0rc2","3.11.0rc3","3.11.1","3.2.0","3.2.0rc1","3.2.0rc2","3.2.0rc3","3.2.0rc4","3.2.0rc5","3.3.0","3.3.0a0","3.3.0rc1","3.3.0rc2","3.3.0rc3","3.3.0rc4","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.7a2","3.3.7a3","3.3.8a1","3.3.8a2","3.3.8a4","3.3.8a5","3.3.8a6","3.3.8a7","3.3.8a8","3.4.0","3.4.0a1","3.4.0a2","3.4.0a3","3.4.0a6","3.4.1","3.4.1a0","3.4.1a1","3.4.1a2","3.4.1a3","3.4.2","3.4.2a0","3.4.3","3.5.0","3.5.0rc1","3.5.0rc2","3.5.0rc3","3.5.1","3.5.2","3.6.0","3.6.1","3.6.1rc1","3.6.1rc2","3.6.1rc3","3.7.0","3.7.0rc1","3.7.0rc2","3.7.1","3.7.2","3.7.3","3.8.0","3.8.0rc3","3.8.1","3.8.2","3.8.2rc1","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.8.7rc1","3.8.8","3.8.8rc1","3.8.8rc2","3.8.8rc3","3.9.0","3.9.0rc2","3.9.0rc4","4.0.0","4.0.0a10","4.0.0a2","4.0.0a3","4.0.0a4","4.0.0a5","4.0.0a6","4.0.0a7","4.0.0a8","4.0.0a9","4.0.1","4.0.1rc2","4.0.2","4.0.3","4.1.0","4.1.0b0","4.1.0b1","4.1.0rc0","4.1.1","4.1.2","4.1.3","4.2.0rc1","4.2.0rc2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/vantage6/PYSEC-2024-31.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}