4 matches found

Cvelist
added 2024/07/02 7:50 p.m. | 20 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

EPSS: 0.22233
Exploits: 0 | References: 5

NVD
added 2023/07/18 7:15 p.m. | 12 views

CVE-2023-37481

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a...

CVSS: 4.9 | EPSS: 0.00116
Exploits: 0 | References: 2

OSV
added 2023/07/18 6:19 p.m. | 22 views

CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...

CVSS: 2.7 | AI score: 5.1 | EPSS: 0.0005
Exploits: 0 | References: 4

CVE
added 2023/07/18 6:19 p.m. | 41 views

CVE-2023-37481

The CVE-2023-37481 entry concerns the Fides webserver. A DoS can be triggered by uploading a zip containing malicious SVG bombs (billion‑laugh style) via the admin UI, exhausting resources on the new connector page. Affected versions are 2.11.0–2.15.1; exploitation is limited to users with elevat...

CVSS: 4.9 | AI score: 4.4 | EPSS: 0.00116
Exploits: 0 | References: 2 | Affected Software: 1