HIGH 7.5

PYSEC-2025-221

Details

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.

Affected packages

PyPI / vantage6-server
First affected version: 0
Fixed version: 4.11.0
Fix: pip install --upgrade 'vantage6-server>=4.11.0'
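
An added example, not part of the advisory or of vantage6's code: a check that flags a configured JWT secret that is a UUID version 1 and shows the timestamp, clock sequence and node fields that can be read back from such a value. It assumes the auto-generated key is stored in the canonical hyphenated string form; `audit_jwt_secret` and `new_jwt_secret` are hypothetical names, and `new_jwt_secret` is one way to produce a user-defined key, not necessarily what the 4.11.0 fix does.

```python
import datetime
import secrets
import uuid

# 100 ns ticks between the UUID epoch (1582-10-15) and the Unix epoch
UUID_EPOCH_OFFSET = 0x01B21DD213814000
UNIX_EPOCH = datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc)


def audit_jwt_secret(secret: str) -> dict:
    """Report whether a configured secret is a canonical UUID version 1."""
    candidate = secret.strip().lower()
    try:
        parsed = uuid.UUID(candidate)
    except ValueError:
        return {"uuid1": False}
    # Require the hyphenated form so random hex strings are not misflagged.
    if str(parsed) != candidate:
        return {"uuid1": False}
    if parsed.variant != uuid.RFC_4122 or parsed.version != 1:
        return {"uuid1": False}
    ticks = parsed.time - UUID_EPOCH_OFFSET
    return {
        "uuid1": True,
        # These fields are readable from the value itself, not random.
        "created_utc": UNIX_EPOCH + datetime.timedelta(microseconds=ticks // 10),
        "clock_seq": parsed.clock_seq,
        "node": f"{parsed.node:012x}",
    }


def new_jwt_secret() -> str:
    """Return a 256-bit secret drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    sample = str(uuid.uuid1())  # constructed sample, generated locally
    print(sample, audit_jwt_secret(sample))
    print(audit_jwt_secret(new_jwt_secret()))
```

A secret that is flagged should be replaced with a user-defined key and the server upgraded; tokens signed with the old key stop validating once the key changes.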