{"url":"http://public2.vulnerablecode.io/api/packages/33340?format=json","purl":"pkg:pypi/ethyca-fides@2.7.1","type":"pypi","namespace":"","name":"ethyca-fides","version":"2.7.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.69.1","latest_non_vulnerable_version":"2.84.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/307849?format=json","vulnerability_id":"VCID-7abd-5d2u-jkhv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57817","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26667","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57817"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-09T13:38:53Z/"}],"url":"https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.69.1","reference_id":"","refer
ence_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-09T13:38:53Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.69.1"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-09T13:38:53Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57817","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57817"},{"reference_url":"https://github.com/advisories/GHSA-hjfh-p8f5-24wr","reference_id":"GHSA-hjfh-p8f5-24wr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hjfh-p8f5-24wr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193558?format=json","purl":"pkg:pypi/ethyca-fides@2.69.1","is_vulnerable":fal
se,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1"}],"aliases":["CVE-2025-57817","GHSA-hjfh-p8f5-24wr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7abd-5d2u-jkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264058?format=json","vulnerability_id":"VCID-ca8f-8pgd-k3ch","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45052","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58107","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45052"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/457b0e9df9f0d337133d6078bca6ed88bbc745f4","reference_id":"457b0e9df9f0d337133d6078bca6ed88bbc745f4","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T16:19:06Z/"}],"url":"https://github.com/ethyca/fides/commit/457b0e9df9f0d337133d6078bca6ed88bbc745f4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45052","reference_id":"CVE-2024-45052","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45052"},{"reference_url":"https://github.com/advisories/GHSA-2h46-8gf5-fmxv","reference_id":"GHSA-2h46-8gf5-fmxv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2h46-8gf5-fmxv"},{"reference_url":"https://github.com/ethyca/fides/se
curity/advisories/GHSA-2h46-8gf5-fmxv","reference_id":"GHSA-2h46-8gf5-fmxv","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T16:19:06Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-2h46-8gf5-fmxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82664?format=json","purl":"pkg:pypi/ethyca-fides@2.44.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.44.0"}],"aliases":["CVE-2024-45052","GHSA-2h46-8gf5-fmxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca8f-8pgd-k3ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18690?format=json","vulnerability_id":"VCID-ecnb-fpm2-cfbf","summary":"Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload\n### Impact\n\nThe Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. \n\nIt was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). 
The application does not perform proper validation to block attempts to connect to internal (including localhost) resources.\n\nExploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role.\n\n### Patches\nThe vulnerability has been patched in Fides version `2.22.1`. Users are advised to upgrade to this version or later to secure their systems against this threat.\n\n### Workarounds\nThere are no workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46124","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28496","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46124"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:10:51Z/"}],"url":"https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.22.1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH
","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:10:51Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.22.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46124","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46124"},{"reference_url":"https://github.com/advisories/GHSA-jq3w-9mgf-43m4","reference_id":"GHSA-jq3w-9mgf-43m4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jq3w-9mgf-43m4"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4","reference_id":"GHSA-jq3w-9mgf-43m4","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:10:51Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66295?format=json","purl":"pkg:pypi/ethyca-fides@2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-f1za-bv5q-3kfg"},{"vulnerability":"VCID-f84a-bmxz-67eq"},{"vulnerability":"VCID-kw77-zver-pbag"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"V
CID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"},{"vulnerability":"VCID-zqfr-dwgg-7yef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.22.1"}],"aliases":["CVE-2023-46124","GHSA-jq3w-9mgf-43m4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecnb-fpm2-cfbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8812?format=json","vulnerability_id":"VCID-ef5s-4pxt-3qge","summary":"Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. The vulnerability is patched in fides `2.15.1`.\n\nIf the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca's security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can't be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. 
Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36827","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38936","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36827"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/f526d9ffb176006d701493c9d0eff6b4884e811f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-24T17:58:37Z/"}],"url":"https://github.com/ethyca/fides/commit/f526d9ffb176006d701493c9d0eff6b4884e811f"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.15.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-24T17:58:37Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.15.1"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-24T17:58:37Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ethyca-fides/PYSEC-2023-107.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ethyca-fides/PYSEC-2023-107.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36827","reference_id":"CVE-2023-36827","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36827"},{"reference_url":"https://github.com/advisories/GHSA-r25m-cr6v-p9hq","reference_id":"GHSA-r25m-cr6v-p9hq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r25m-cr6v-p9hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33384?format=json","purl":"pkg:pypi/ethyca-fides@2.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gdp-wk59-kbem"},{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-ecnb-fpm2-cfbf"},{"vulnerability":"VCID-f1za-bv5q-3kfg"},{"vulnerability":"VCID-f84a-bmxz-67eq"},{"vulnerability":"VCID-hdps-b21q-cfg2"},{"vulnerability":"VCID-kw77-zver-pb
ag"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-wgwh-jdfb-vycz"},{"vulnerability":"VCID-x3kp-vr3y-8qav"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-y8m2-upbb-jbbm"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-zqfr-dwgg-7yef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.15.1"}],"aliases":["CVE-2023-36827","GHSA-r25m-cr6v-p9hq","PYSEC-2023-107"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef5s-4pxt-3qge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256079?format=json","vulnerability_id":"VCID-f1za-bv5q-3kfg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34715","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27282","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34715"},{"reference_url":"https://docs.sqlalchemy.org/en/14/core/engines.html#escaping-special-characters-such-as-signs-in-passwords","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:09:16Z/"}],"url":"https://docs.sqlalchemy.org/en/14/core/engines.html#escaping-special-characters-such-as-signs-in-passwords"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],
"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/6ab37b1ffe2b1a3bd35b706a82f78e061086141c","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:09:16Z/"}],"url":"https://github.com/ethyca/fides/commit/6ab37b1ffe2b1a3bd35b706a82f78e061086141c"},{"reference_url":"https://github.com/sqlalchemy/sqlalchemy/discussions/6615","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:09:16Z/"}],"url":"https://github.com/sqlalchemy/sqlalchemy/discussions/6615"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34715","reference_id":"CVE-2024-34715","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34715"},{"reference_url":"https://github.com/advisories/GHSA-8cm5-jfj2-26q7","reference_id":"GHSA-8cm5-jfj2-26q7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8cm5-jfj2-26q7"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-8cm5-jfj2-26q7","reference_id":"GHSA-8cm5-jfj2-26q7","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scor
ing_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:09:16Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-8cm5-jfj2-26q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81545?format=json","purl":"pkg:pypi/ethyca-fides@2.37.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.37.0"}],"aliases":["CVE-2024-34715","GHSA-8cm5-jfj2-26q7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1za-bv5q-3kfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18702?format=json","vulnerability_id":"VCID-hdps-b21q-cfg2","summary":"Fides JavaScript Injection Vulnerability in Privacy Center URL\n### Impact\nThe Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to not be validated.\n\nThe vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. 
The domain scope of the executed JavaScript is that of the integrated website.\n\nExploitation is limited to Admin UI users with the contributor role or higher.\n\n### Patches\nThe vulnerability has been patched in Fides version `2.22.1`. Users are advised to upgrade to this version or later to secure their systems against this threat.\n\n### Workarounds\nThere are no workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46126","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36117","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46126"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/3231d19699f9c895c986f6a967a64d882769c506","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:55:20Z/"}],"url":"https://github.com/ethyca/fides/commit/3231d19699f9c895c986f6a967a64d882769c506"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.22.1","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:55:20Z/"}],"url":"https://git
hub.com/ethyca/fides/releases/tag/2.22.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46126","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46126"},{"reference_url":"https://github.com/advisories/GHSA-fgjj-5jmr-gh83","reference_id":"GHSA-fgjj-5jmr-gh83","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fgjj-5jmr-gh83"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83","reference_id":"GHSA-fgjj-5jmr-gh83","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:55:20Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66295?format=json","purl":"pkg:pypi/ethyca-fides@2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-f1za-bv5q-3kfg"},{"vulnerability":"VCID-f84a-bmxz-67eq"},{"vulnerability":"VCID-kw77-zver-pbag"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"},{"vulnerability":"VCID-zqfr-dwgg-7yef"}],"resource_url":"http:
//public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.22.1"}],"aliases":["CVE-2023-46126","GHSA-fgjj-5jmr-gh83"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdps-b21q-cfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256325?format=json","vulnerability_id":"VCID-kw77-zver-pbag","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35189","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56044","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35189"},{"reference_url":"https://cloud.google.com/iam/docs/key-rotation","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T20:38:12Z/"}],"url":"https://cloud.google.com/iam/docs/key-rotation"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35189","reference_id":"CVE-2024-35189","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35189"},{"reference_url":"https://github.com/advisories/GHSA-rcvg-jj3g-rj7c","reference_id":"GHSA-rcvg-jj3g-
rj7c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rcvg-jj3g-rj7c"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-rcvg-jj3g-rj7c","reference_id":"GHSA-rcvg-jj3g-rj7c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T20:38:12Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-rcvg-jj3g-rj7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81545?format=json","purl":"pkg:pypi/ethyca-fides@2.37.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.37.0"}],"aliases":["CVE-2024-35189","GHSA-rcvg-jj3g-rj7c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw77-zver-pbag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/258810?format=json","vulnerability_id":"VCID-mcvz-a7zh-43ar","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38537","reference_id":"","reference_type":"","scores":[{"value":"0.22233","scoring_system":"epss","scoring_elements":"0.95904","published_at":"2026-05-30T12:
55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38537"},{"reference_url":"https://fetch.spec.whatwg.org","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-02T20:11:37Z/"}],"url":"https://fetch.spec.whatwg.org"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/868c4d629760572192bd61db34f5a4458ed12005","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-02T20:11:37Z/"}],"url":"https://github.com/ethyca/fides/commit/868c4d629760572192bd61db34f5a4458ed12005"},{"reference_url":"https://github.com/ethyca/fides/pull/5026","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value
":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-02T20:11:37Z/"}],"url":"https://github.com/ethyca/fides/pull/5026"},{"reference_url":"https://sansec.io/research/polyfill-supply-chain-attack","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-02T20:11:37Z/"}],"url":"https://sansec.io/research/polyfill-supply-chain-attack"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38537","reference_id":"CVE-2024-38537","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38537"},{"reference_url":"https://github.com/advisories/GHSA-cvw4-c69g-7v7m","reference_id":"GHSA-cvw4-c69g-7v7m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvw4-c69g-7v7m"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-cvw4-c69g-7v7m","reference_id":"GHSA-cvw4-c69g-7v7m","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:
M/B:A/M:M/D:T/2024-07-02T20:11:37Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-cvw4-c69g-7v7m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81921?format=json","purl":"pkg:pypi/ethyca-fides@2.39.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.39.1"}],"aliases":["CVE-2024-38537","GHSA-cvw4-c69g-7v7m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcvz-a7zh-43ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/307848?format=json","vulnerability_id":"VCID-takv-az13-3bbw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57816","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16001","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57816"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvss
v3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-09T14:19:06Z/"}],"url":"https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.69.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-09T14:19:06Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.69.1"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-fq34-xw6c-fphf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-09T14:19:06Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-fq34-xw6c-fphf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3",
"scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57816"},{"reference_url":"https://github.com/advisories/GHSA-fq34-xw6c-fphf","reference_id":"GHSA-fq34-xw6c-fphf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fq34-xw6c-fphf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193558?format=json","purl":"pkg:pypi/ethyca-fides@2.69.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1"}],"aliases":["CVE-2025-57816","GHSA-fq34-xw6c-fphf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-takv-az13-3bbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/307800?format=json","vulnerability_id":"VCID-uyyz-b5bn-tke5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57766","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21583","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57766"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/8daec4f5ad3daf0f0bdab4814f6757eb0965104b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system
":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:44:58Z/"}],"url":"https://github.com/ethyca/fides/commit/8daec4f5ad3daf0f0bdab4814f6757eb0965104b"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.69.1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:44:58Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.69.1"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-rpw8-82v9-3q87","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","sco
ring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:44:58Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-rpw8-82v9-3q87"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57766","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57766"},{"reference_url":"https://github.com/advisories/GHSA-rpw8-82v9-3q87","reference_id":"GHSA-rpw8-82v9-3q87","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rpw8-82v9-3q87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193558?format=json","purl":"pkg:pypi/ethyca-fides@2.69.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1"}],"aliases":["CVE-2025-57766","GHSA-rpw8-82v9-3q87"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyyz-b5bn-tke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18694?format=json","vulnerability_id":"VCID-x3kp-vr3y-8qav","summary":"Fides Information Disclosure Vulnerability in Config API Endpoint\n### Impact\nThe Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports and database username. 
This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users.\n\nThis vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. \n\n### Patches\nThe vulnerability has been patched in Fides version `2.22.1`. Users are advised to upgrade to this version or later to secure their systems against this threat.\n\n### Workarounds\nThere are no workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46125","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39196","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46125"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:11:03Z/"}],"url":"https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.22.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"
value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:11:03Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.22.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46125","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46125"},{"reference_url":"https://github.com/advisories/GHSA-rjxg-rpg3-9r89","reference_id":"GHSA-rjxg-rpg3-9r89","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjxg-rpg3-9r89"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89","reference_id":"GHSA-rjxg-rpg3-9r89","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:11:03Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66295?format=json","purl":"pkg:pypi/ethyca-fides@2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-f1za-bv5q-3kfg"},{"vulnerability":"VCID-f84a-bmxz-67eq"},{"vulnerability":"VCID-kw77-zver-pbag"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y2
8q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"},{"vulnerability":"VCID-zqfr-dwgg-7yef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.22.1"}],"aliases":["CVE-2023-46125","GHSA-rjxg-rpg3-9r89"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x3kp-vr3y-8qav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/307847?format=json","vulnerability_id":"VCID-y28q-mnkw-cbem","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57815","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22125","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57815"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A
/M:M/D:T/2025-09-09T13:43:58Z/"}],"url":"https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c"},{"reference_url":"https://github.com/ethyca/fides/releases/tag/2.69.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:43:58Z/"}],"url":"https://github.com/ethyca/fides/releases/tag/2.69.1"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:43:58Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57815","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{
"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57815"},{"reference_url":"https://github.com/advisories/GHSA-7q62-r88r-j5gw","reference_id":"GHSA-7q62-r88r-j5gw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7q62-r88r-j5gw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193558?format=json","purl":"pkg:pypi/ethyca-fides@2.69.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1"}],"aliases":["CVE-2025-57815","GHSA-7q62-r88r-j5gw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y28q-mnkw-cbem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/269627?format=json","vulnerability_id":"VCID-yyb5-tqfe-6fcb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52008","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2761","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52008"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/ce664da46ab7f86d29583ebc34f2ff776f0aa6c2","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"1.9","scoring_system":"cvssv
4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides/commit/ce664da46ab7f86d29583ebc34f2ff776f0aa6c2"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-v7vm-rhmg-8j2r","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:16:30Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-v7vm-rhmg-8j2r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52008","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52008"},{"reference_url":"https://github.com/advisories/GHSA-v7vm-rhmg-8j2r","reference_id":"GHSA-v7vm-rhmg-8j2r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v7vm-rhmg-8j2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/187825?format=json","purl":"pkg:pypi/ethyca-fides@2.50.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":
"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.50.0"}],"aliases":["CVE-2024-52008","GHSA-v7vm-rhmg-8j2r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyb5-tqfe-6fcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18813?format=json","vulnerability_id":"VCID-zqfr-dwgg-7yef","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nFides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all personal data held by the data controller, or delete/erase it. Consent requests allow data subject users to modify their privacy preferences for how the data controller uses their personal data, e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the python `random` module, a cryptographically weak pseudo-random number generator (PRNG). 
If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user's privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48224","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61932","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48224"},{"reference_url":"https://github.com/ethyca/fides","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ethyca/fides"},{"reference_url":"https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:01:17Z/"}],"url":"https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6"},{"reference_url":"https://peps.python.org
/pep-0506","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://peps.python.org/pep-0506"},{"reference_url":"https://peps.python.org/pep-0506/","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:01:17Z/"}],"url":"https://peps.python.org/pep-0506/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48224","reference_id":"CVE-2023-48224","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48224"},{"reference_url":"https://github.com/advisories/GHSA-82vr-5769-6358","reference_id":"GHSA-82vr-5769-6358","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82vr-5769-6358"},{"reference_url":"https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358","reference_id":"GHSA-82vr-5769-6358","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:01:17Z/"}],"url":"https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66555?format=js
on","purl":"pkg:pypi/ethyca-fides@2.24.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7abd-5d2u-jkhv"},{"vulnerability":"VCID-944j-3smp-juhn"},{"vulnerability":"VCID-ca8f-8pgd-k3ch"},{"vulnerability":"VCID-f1za-bv5q-3kfg"},{"vulnerability":"VCID-kw77-zver-pbag"},{"vulnerability":"VCID-mcvz-a7zh-43ar"},{"vulnerability":"VCID-takv-az13-3bbw"},{"vulnerability":"VCID-uyyz-b5bn-tke5"},{"vulnerability":"VCID-y28q-mnkw-cbem"},{"vulnerability":"VCID-yyb5-tqfe-6fcb"},{"vulnerability":"VCID-z9we-95sx-kbef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.24.0"}],"aliases":["CVE-2023-48224","GHSA-82vr-5769-6358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqfr-dwgg-7yef"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.7.1"}