PyPi: Edumfa

CVE-2024-6345

Transitive

Safety vulnerability ID: 72219

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 15, 2024 Updated at Dec 09, 2024

Advisory

Edumfa has upgraded its dependency on setuptools to version 70 to address CVE-2024-6345.

Affected package

edumfa

Latest version: 2.5.0

eduMFA: identity, multifactor authentication (OTP), authorization, audit

Affected versions

Fixed versions

Vulnerability changelog

> [!CAUTION]
> **This release fixes a possible security vulnerability.**
>
> eduMFA prior to version 2.2.0 was also affected by [blastRADIUS](https://www.blastradius.fail/) ([CVE-2024-3596](https://nvd.nist.gov/vuln/detail/CVE-2024-3596)). In case you are using the RADIUS Token, we strongly recommend that you upgrade to version 2.2.0.
>
> Please note that this upgrade requires a database migration and you must replace the radius dictionary used by eduMFA! Besides these changes, you should enable the `Message Authenticator` option introduced in the UI in case your RADIUS server supports this option.
>
> Thanks a lot to Janfred for the hint and sklemer1 for the fix!

What's Changed
* chore(deps): update dependency google-auth to v2.32.0 by renovate in https://github.com/eduMFA/eduMFA/pull/203
* chore(deps): update dependency sphinx to v7.4.0 by renovate in https://github.com/eduMFA/eduMFA/pull/206
* chore(deps): update dependency setuptools to v70 [security] by renovate in https://github.com/eduMFA/eduMFA/pull/209
* chore(deps): update dependency setuptools to v70.3.0 by renovate in https://github.com/eduMFA/eduMFA/pull/192
* RADIUS: add support to enforce Message-Authenticator by sklemer1 in https://github.com/eduMFA/eduMFA/pull/205
* chore(deps): update dependency croniter to v2.0.7 by renovate in https://github.com/eduMFA/eduMFA/pull/213
* chore(deps): update dependency cachetools to v5.4.0 by renovate in https://github.com/eduMFA/eduMFA/pull/210
* chore(deps): update dependency sphinx to v7.4.5 by renovate in https://github.com/eduMFA/eduMFA/pull/207
* chore: prepare for version 2.2.0 by fritterhoff in https://github.com/eduMFA/eduMFA/pull/214

New Contributors
* sklemer1 made their first contribution in https://github.com/eduMFA/eduMFA/pull/205

**Full Changelog**: https://github.com/eduMFA/eduMFA/compare/v2.1.0...v2.2.0
