Improper Access Control in vantage6 node

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

GHSA-X9F6-9RVM-MMRG Improper Access Control in vantage6 node

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:GHSA-J6G5-P62X-58HW...

vantage6-algorithm-store (>=4.3.0 <=4.15.0rc4), vantage6-node (>=0.0.0 <=4.15.0rc4) +1 more potentially affected by CVE-2024-32969 via vantage6 (>=0.0.0 <=4.5.0)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.0rc4 Source cves: CVE-2024-32969 Source advisory: OSV:GHSA-99R4-CJP4-3HMX...

vantage6-algorithm-store (>=4.10.0 <=4.15.0rc4), vantage6-node (>=0.0.0 <=4.15.0rc4) +1 more potentially affected by CVE-2024-22193 via vantage6 (>=0.0.0 <=4.1.3)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.15.0rc4 Source cves: CVE-2024-22193 Source advisory: OSV:GHSA-RJMV-52MP-GJRR...

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-28635 via vantage6 (>=0.0.0 <=3.9.0rc4)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-28635 Source advisory: OSV:GHSA-7X94-6G2M-3HP2...

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41882 via vantage6 (>=0.0.0 <=3.9.0rc4)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41882 Source advisory: OSV:GHSA-GC57-XHH5-M94R...

vantage6-node (>=0.0.0 <=4.0.1rc2), vantage6-server (>=0.0.0 <=4.0.1rc2) potentially affected by CVE-2023-23930 via vantage6 (>=0.0.0 <=4.0.1rc2)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =4.0.1rc2 Source cves: CVE-2023-23930 Source advisory: OSV:GHSA-5M22-CFQ9-86X6...

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41881 via vantage6 (>=0.0.0 <=3.9.0rc4)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41881 Source advisory: OSV:PYSEC-2023-200...

vantage6-node (>=3.7.0 <=3.8.0), vantage6-server (>=3.7.0 <=3.8.0) potentially affected by CVE-2023-22738 via vantage6 (>=3.7.0 <=3.8.0)

vantage6 PYPI version =3.7.0, =3.7.0, =3.7.0, =3.8.0 Source cves: CVE-2023-22738 Source advisory: OSV:PYSEC-2023-53...

vantage6-node (>=3.3.3 <=3.7.3), vantage6-server (>=3.3.3 <=3.7.3) potentially affected by CVE-2022-39228 via vantage6 (>=3.3.3 <=3.7.3)

vantage6 PYPI version =3.3.3, =3.3.3, =3.3.3, =3.7.3 Source cves: CVE-2022-39228 Source advisory: OSV:PYSEC-2023-52...

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2022-39228 via vantage6 (>=0.0.0 <=3.7.3)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2022-39228 Source advisory: OSV:GHSA-36GX-9Q6H-G429...