{"id":"PYSEC-2023-54","details":"vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. In affected versions (before 3.8.0), the refresh token is valid indefinitely, so a leaked refresh token never expires on its own. The refresh token should instead have a limited validity of 24-48 hours. A fix was released in version 3.8.0.","aliases":["CVE-2023-23929","GHSA-4w59-c3gc-rrhp"],"modified":"2023-11-01T05:01:13.647500Z","published":"2023-03-04T00:15:00Z","references":[{"type":"FIX","url":"https://github.com/vantage6/vantage6/commit/48ebfca42359e9a6743e9598684585e2522cdce8"},{"type":"ADVISORY","url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-4w59-c3gc-rrhp"}],"affected":[{"package":{"name":"vantage6","ecosystem":"PyPI","purl":"pkg:pypi/vantage6"},"ranges":[{"type":"GIT","repo":"https://github.com/vantage6/vantage6","events":[{"introduced":"0"},{"fixed":"48ebfca42359e9a6743e9598684585e2522cdce8"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.0"}]}],"versions":["0.0.0","0.0.0b0","0.0.0b1","0.0.0b3","1.0.0","1.0.0a1","1.0.0a2","1.0.0b10","1.0.0b11","1.0.0b12","1.0.0b13","1.0.0b14","1.0.0b2","1.0.0b3","1.0.0b4","1.0.0b5","1.0.0b6","1.0.0b7","1.0.0b8","1.0.0b9","1.1.0","1.1.0rc1","1.1.0rc2","1.2.0","1.2.1","1.2.2","1.2.3","1.2.3.post2","2.0.0","2.0.0.post1","2.0.0a1","2.0.0a2","2.0.0a3","2.0.1rc1","2.0.1rc2","2.1.0","2.1.0rc1","2.1.1","2.2.0","2.2.0b1","2.2.0b2","2.2.0b3","2.2.0b4","2.2.1","2.2.10","2.2.11","2.2.12","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.3.0","2.3.0rc1","2.3.0rc2","2.3.0rc3","2.3.0rc4","2.3.0rc5","2.3.1","2.3.2","2.3.2rc1","2.3.3","2.3.4","2.3.5","2.3.5b1","3.0.0","3.0.0b1","3.0.0b2","3.0.0b3","3.0.0b4","3.0.0b5","3.0.0b6","3.0.0b7","3.0.0b8","3.0.0rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","3.1.0rc1","3.1.0rc5","3.1.0rc6","3.1.0rc7","3.1.0rc8","3.1.0rc9","3.1.1rc1","3.1.1rc2","3.2.0","3.2.0rc1","3.2.0rc2","3.2.0rc3","3.2.0rc4","3.2.0rc5","3.3.0","3.3.0a0","3.3.0rc1","3.3.0rc2","3.3.0rc3","3.3.0rc4","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3
.6","3.3.7","3.3.7a2","3.3.7a3","3.3.8a1","3.3.8a2","3.3.8a4","3.3.8a5","3.3.8a6","3.3.8a7","3.3.8a8","3.4.0","3.4.0a1","3.4.0a2","3.4.0a3","3.4.0a6","3.4.1","3.4.1a0","3.4.1a1","3.4.1a2","3.4.1a3","3.4.2","3.4.2a0","3.4.3","3.5.0","3.5.0rc1","3.5.0rc2","3.5.0rc3","3.5.1","3.5.2","3.6.0","3.6.1","3.6.1rc1","3.6.1rc2","3.6.1rc3","3.7.0","3.7.0rc1","3.7.0rc2","3.7.1","3.7.2","3.7.3","3.8.0rc3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/vantage6/PYSEC-2023-54.yaml"}}],"schema_version":"1.7.3"}