Safety vulnerability ID: 72084
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Fides affected versions use the polyfill.io domain to support legacy browsers like IE11 that do not support the fetch standard. This allows users of pre-2017 browsers to potentially download and execute malicious scripts from polyfill.io when compromised. Although no exploitation has been identified, the vulnerability has been patched. On June 27, 2024, Cloudflare and Namecheap intervened to prevent polyfill.io from resolving to the compromised service, rendering this vulnerability unexploitable. Prior to this intervention, the impacts on confidentiality, integrity, and availability were high. Clients can mitigate risk by using modern browsers that support the fetch standard.
Latest version: 2.51.1
Open-source ecosystem for data privacy as code.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application