Safety vulnerability ID: 63347
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Ethyca's Fides 2.22.1 patches a high-severity SSRF vulnerability (CVE-2023-46124) affecting versions before 2.22.1. This vulnerability allowed attackers with certain API access to make internal system requests that could lead to data breaches. The update is crucial for users with CONNECTOR_TEMPLATE_REGISTER scope and should be applied immediately to secure systems.
https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4
Latest version: 2.51.1
Open-source ecosystem for data privacy as code.
Release Pull Request
https://github.com/ethyca/fides/pull/4316
What's Changed
* Custom fields are now included in system history change tracking by galvana in [4294](https://github.com/ethyca/fides/pull/4294)
* Added hostname checks for external SaaS connector URLs [CVE-2023-46124](https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4) by ThomasLaPiana
* Use a Pydantic URL type for privacy policy URLs [CVE-2023-46126](https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83) by ThomasLaPiana
* Remove the CONFIG_READ scope from the Viewer role [CVE-2023-46125](https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89) by ThomasLaPiana
**Full Changelog**: https://github.com/ethyca/fides/compare/2.22.0...2.22.1
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application