PyPI: ethyca-fides

CVE-2024-31223

Safety vulnerability ID: SFTY-20240703-63219

Safety legacy ID: pyup.io-72082

Created at: Nov 5, 2025

Updated at: Nov 5, 2025

Overview

Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

Advisory

Affected versions of Fides are vulnerable to a security issue involving the SERVER_SIDE_FIDES_API_URL configuration environment variable used by the Fides Privacy Center. This variable typically contains a URL with a private IP address, private domain name, and/or port. An unauthenticated attacker could exploit this vulnerability to make an HTTP GET request from the Privacy Center, disclosing the value of this server-side URL. This disclosure could provide the attacker with information on server-side ports, private IP addresses, and/or private domain names.

Affected Package

Affecting ethyca-fides package, versions >=2.19.0,<2.39.2

How to Fix

Upgrade ethyca-fides to 2.39.2 or higher.

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
