GO-2025-4120 SpiceDB WriteRelationships fails silently if payload is too big in github.com/authzed/spicedb

SpiceDB WriteRelationships fails silently if payload is too big in github.com/authzed/spicedb...

SpiceDB WriteRelationships fails silently if payload is too big

Impact Users who 1. use the exclusion operator somewhere in their authorization schema 1. have configured their SpiceDB server such that --write-relationships-max-updates-per-call is bigger than 6500 1. issue calls to WriteRelationships with a large enough number of updates that cause the payload...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...

PT-2025-46219

Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.45.2 Description SpiceDB is a database system for managing application permissions. Versions prior to 1.45.2 are susceptible to an issue where a successful response is incorrectly returned from a WriteRelationships...