MEDIUM

GHSA-x9f6-9rvm-mmrg

vantage6 node has an Improper Access Control issue

Details

### Impact Malicious algorithms can potentially access other algorithms input and output files.

### Patches Todo

### Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See [here](https://docs.vantage6.ai/usage/running-the-node/security) on how to do this.

### References https://docs.vantage6.ai/usage/running-the-node/security

### For more information If you have any questions or comments about this advisory: * Email us at [vantage6@iknl.nl](mailto:vantage6@iknl.nl)

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / vantage6

Introduced in: 0 Fixed in: 5.0.0

Fix pip install --upgrade 'vantage6>=5.0.0'

References

https://github.com/vantage6/vantage6/security/advisories/GHSA-x9f6-9rvm-mmrg [WEB]
https://github.com/vantage6/vantage6/issues/1932 [WEB]
https://github.com/vantage6/vantage6 [PACKAGE]