10 matches found
SUSE CVE-2026-33505
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
CVE-2026-33505
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
CVE-2026-33505
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
CVE-2026-33505
Ory Keto (GetRelationships API) is vulnerable to SQL injection before version 26.2.0 due to flaws in pagination. Pagination tokens are encrypted with secrets.pagination; if an attacker knows this secret, they can forge tokens that inject SQL. If secrets.pagination is not set, a public default sec...
CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
CVE-2026-33505
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
Ory Keto SQL注入漏洞
Ory Keto is an open-source authorization server developed by Ory. Versions of Ory Keto prior to 26.2.0 contained a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...
GO-2026-4800 Ory Keto has a SQL injection via forged pagination tokens in github.com/ory/keto
Ory Keto has a SQL injection via forged pagination tokens in github.com/ory/keto...
GHSA-C38G-MX2C-9WF2 Ory Keto has a SQL injection via forged pagination tokens
Description The GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in secrets.pagination. An attacker who knows this secret can craft their own tokens, including malicious token...