9 matches found
EUVD-2022-7210
Malicious code in bioql PyPI...
CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...
CVE-2024-38361 Permissions processing error in spacedb
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101
CVE-2024-27101 affects SpiceDB (Google Zanzibar-inspired permissions store). The root cause is an integer overflow in the chunking helper, which can cause dispatching to miss elements or panic when a resource has more than 65,535 relationships for a given resource and subject type. Affected API m...
GHSA-JG7W-CXJV-98C2 SpiceDB leaks information in log files when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. When the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is printed, so that the password i...
SpiceDB leaks information in log files when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. When the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is printed, so that the password i...
CVE-2023-46255
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...
SpiceDB 安全漏洞
SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB versions prior to 1.19.1. An attacker exploited the vulnerability to obtain sensitive data...