vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| vantage6(PyPI) | 0 | 4.11.0 | N/A |
CVSS Metrics
