### Impact
There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database.

### Workarounds
This is not an issue with the normal workflow, only if e.g. a user with the python client sets encryption to the wrong value.

Affected Packages

PyPI vantage6

Affected versions: 0 (fixed in 4.2.0)

Related CVEs

CVE-2024-22193

Key Information

GHSA ID

GHSA-rjmv-52mp-gjrr

Published

January 30, 2024 8:56 PM

Last Modified

February 8, 2024 10:49 PM

CVSS Score

2.5 /10

Primary Ecosystem

PyPI

Primary Package

vantage6

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.