Ethyca Fides vulnerabilities
22 known vulnerabilities affecting ethyca/fides.
Total CVEs: 22
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 8, MEDIUM 11, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2023-37481 | P4 | MEDIUM | CVSS 4.9 | CWE-400 | ≥ 2.11.0, < 2.16.0 | 2023-07-18
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in
nvd
CVE-2024-34715 | P4 | LOW | CVSS 3.3 | CWE-116 | fixed in 2.37.0 | 2024-05-29
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as `@` and `$`, webserver startup fails and the part of the password following the
nvd