Remote Code Execution in Custom Integration Upload

🗓️ 07 Sep 2023 12:34:59Reported by GoogleType

osv🔗 osv.dev👁 18 Views

Remote Code Execution in Custom Integration Upload. Fides webserver API allows custom integrations to be uploaded as a ZIP file, potentially executing arbitrary code restricted in a sandbox

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2023-41319	6 Sep 202318:15	–	cve
NVD	CVE-2023-41319	6 Sep 202318:15	–	nvd
Prion	Default configuration	6 Sep 202318:15	–	prion
OSV	CVE-2023-41319	6 Sep 202318:15	–	osv
Github Security Blog	Remote Code Execution in Custom Integration Upload	7 Sep 202312:59	–	github
Vulnrichment	CVE-2023-41319 Remote Code Execution in Custom Integration Upload in Fides	6 Sep 202317:54	–	vulnrichment
Cvelist	CVE-2023-41319 Remote Code Execution in Custom Integration Upload in Fides	6 Sep 202317:54	–	cvelist
Veracode	Remote Code Execution	8 Sep 202309:16	–	veracode

Source	Link
github	www.github.com/ethyca/fides/security/advisories/GHSA-p6p2-qq95-vq5h
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-41319
github	www.github.com/ethyca/fides/commit/5989b5fa744c8d8c340963b895a054883549358a
github	www.github.com/ethyca/fides

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Sep 2023 12:59Current

7.5High risk

Vulners AI Score7.5

CVSS37.2 - 8.8

EPSS0.001

SSVC