| Severity | CVSS | Advisory | Affected versions |
|---|---|---|---|
| CRITICAL | 9.1 | CVE-2024-45053: Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine | >= 2.19.0, < 2.44.0 |
| HIGH | 8.8 | CVE-2023-41319: Remote Code Execution in Custom Integration Upload | >= 2.11.0, < 2.19.0 |
| HIGH | 8.2 | Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification | from 0, < 2.24.0 |
| HIGH | 8.2 | Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload | from 0, < 2.22.1 |
| HIGH | 7.5 | Fides Webserver API Rate Limiting Vulnerability in Proxied Environments | from 0, < 2.69.1 |
| HIGH | 7.5 | ethyca-fides Webserver API Path Traversal vulnerability | from 0, < f526d9ffb176006d701493c9d0eff6b4884e811f; from 0, < 2.15.1 |
| HIGH | 7.5 | ethyca-fides Webserver API Path Traversal vulnerability | from 0, < 2.15.1 |
| HIGH | 7.2 | Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation | from 0, < 2.69.1 |
| MEDIUM | 6.5 | Fides has a Lack of Brute-Force Protections on Authentication Endpoints | from 0, < 2.69.1 |
| MEDIUM | 6.5 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints | from 0, < 2.37.0 |
| MEDIUM | 6.5 | Fides Information Disclosure Vulnerability in Config API Endpoint | from 0, < 2.22.1 |
| MEDIUM | 5.7 | Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API | from 0, < 2.50.0 |
| MEDIUM | 5.3 | Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL | >= 2.19.0, < 2.39.2 |
| MEDIUM | 4.8 | Fides' Admin UI User Password Change Does Not Invalidate Current Session | from 0, < 2.69.1 |
| MEDIUM | 4.3 | Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages | >= 2.15.1, < 2.23.3 |
| LOW | 3.9 | Fides JavaScript Injection Vulnerability in Privacy Center URL | from 0, < 2.22.1 |
| LOW | 2.7 | Fides Webserver Vulnerable to SVG Bomb File Uploads | >= 2.11.0, < 2.16.0 |
| LOW | 2.7 | Fides Webserver Vulnerable to Zip Bomb File Uploads | >= 2.11.0, < 2.16.0 |
| LOW | 2.3 | Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability | from 0, < 2.37.0 |
| NONE | 0.0 | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js | from 0, < 2.39.1 |
| (unscored) | — | ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override | >= 2.33.0, < 2.84.5 |
| (unscored) | — | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection | >= 2.75.0, < 2.83.2 |
| (unscored) | — | Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication | from 0, < 2.44.0 |