CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 30.8%

OpenFGA, an authorization/permission engine, is vulnerable to a denial-of-service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. When a sufficiently high number of those calls are executed, the OpenFGA server can hit an out-of-memory error and terminate. Version 1.4.3 contains a patch for this issue.

[
  {
    "vendor": "openfga",
    "product": "openfga",
    "versions": [
      {
        "version": "< 1.4.3",
        "status": "affected"
      }
    ]
  }
]