GHSA-j6g5-p62x-58hw

GitHub Security Advisory

vantage6 lacks brute-force protection on change password functionality

✓ GitHub Reviewed LOW Has CVE

Advisory Details

### Impact
If an attacker gets access to an authenticated session, they can try to brute-force the user's password by using the change password functionality: they can call that route infinitely, and it will return the message that the password is wrong until it is correct.
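One way to close this kind of oracle is to count failed current-password checks per user and refuse further attempts once a limit is reached. The sketch below is an added example, not vantage6 code and not necessarily how 4.11.0 fixes the issue; `PasswordChangeGuard`, the user dict layout and the limit values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # assumed policy values, not taken from vantage6
LOCKOUT_SECONDS = 15 * 60


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordChangeGuard:
    """Limits failed current-password checks per user, not per session."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # user id -> (failure count, time of first failure)

    def _locked(self, user_id) -> bool:
        count, since = self._failures.get(user_id, (0, 0.0))
        if count and self._clock() - since >= LOCKOUT_SECONDS:
            del self._failures[user_id]  # window expired, start counting afresh
            return False
        return count >= MAX_FAILURES

    def change_password(self, user: dict, current: str, new: str) -> int:
        """user holds 'id', 'salt', 'hash'; returns an HTTP-style status code."""
        if self._locked(user["id"]):
            # Refuse before checking the password so the route stops being an oracle.
            return 429
        if not hmac.compare_digest(hash_password(current, user["salt"]), user["hash"]):
            count, since = self._failures.get(user["id"], (0, self._clock()))
            self._failures[user["id"]] = (count + 1, since)
            return 401
        self._failures.pop(user["id"], None)
        user["salt"] = os.urandom(16)
        user["hash"] = hash_password(new, user["salt"])
        return 200


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample account
    alice = {"id": "alice", "salt": salt, "hash": hash_password("correct horse", salt)}
    guard = PasswordChangeGuard()
    print([guard.change_password(alice, f"guess{i}", "x") for i in range(6)])
    print(guard.change_password(alice, "correct horse", "new passphrase"))
```

Because the counter is keyed on the user rather than the session, opening a new session does not reset it, and once the limit is hit even the correct password is refused until the window expires.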

### Patches
This issue has been patched in version 4.11.0.

### Workarounds
None

Affected Packages

PyPI vantage6
Affected versions: 0 (fixed in 4.11.0)

Related CVEs

Key Information

GHSA ID: GHSA-j6g5-p62x-58hw
Published: June 12, 2025 11:00 PM
Last Modified: June 12, 2025 11:02 PM
CVSS Score: 2.5/10
Primary Ecosystem: PyPI
Primary Package: vantage6
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.