Lucene search
K

5 matches found

OSV
OSV
added 2023/07/18 7:23 p.m.13 views

GHSA-3RW2-WFC8-WMJ5 Fides Webserver Vulnerable to SVG Bomb File Uploads

Impact The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a billion laughs attack, causing resource exhaustion in Admin UI browser tabs and creating a persistent denial...

2.7CVSS4.4AI score0.00579EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/07/18 6:19 p.m.18 views

CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...

2.7CVSS6.8AI score0.00568EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/18 6:19 p.m.46 views

CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...

2.7CVSS5.7AI score0.00568EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/07/06 8:40 p.m.28 views

ethyca-fides Webserver API Path Traversal vulnerability

Impact A path traversal directory traversal vulnerability affects fides versions lower than 2.15.1, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. Patches The vulnerability is patched in fides 2.15.1. Users should upgrade to this version...

7.5CVSS7AI score0.0109EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/07/06 8:40 p.m.28 views

GHSA-R25M-CR6V-P9HQ ethyca-fides Webserver API Path Traversal vulnerability

Impact A path traversal directory traversal vulnerability affects fides versions lower than 2.15.1, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. Patches The vulnerability is patched in fides 2.15.1. Users should upgrade to this version...

7.5CVSS7.5AI score0.0109EPSS
Exploits0References6
Rows per page
Query Builder