8 matches found
CVE-2026-54902
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...
CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
CVE-2026-33729
OpenFGA (authority: CVE-2026-33729) fixes a cache-key collision bug in versions before 1.13.1. When models use conditions with caching enabled, two different check requests can generate the same cache key, causing a cached result to be reused for a different request. The issue affects models with...
GO-2026-4857 OpenFGA has an Authorization Bypass through cached keys in github.com/openfga/openfga
OpenFGA has an Authorization Bypass through cached keys in github.com/openfga/openfga...
OpenFGA has an Authorization Bypass through cached keys
Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Am I Affected? Users are affected if the...
EUVD-2026-16507
OpenFGA has an Authorization Bypass through cached keys...
GHSA-H6C8-CWW8-35HF OpenFGA has an Authorization Bypass through cached keys
Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Am I Affected? Users are affected if the...