12 matches found
EUVD-2023-2394
Malicious code in bioql PyPI...
EUVD-2022-7086
Malicious code in bioql PyPI...
CVE-2022-39340
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of openfga/openfga versions 0.2.3 and prior who are exposing the OpenFGA service to the intern...
PT-2025-22567 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.8.0 through 1.8.12. Description: OpenFGA is an authorization/permission engine. The issue arises when certain Check and ListObject calls are executed under specific conditions. These conditions include: calling Check API or...
CVE-2025-46331
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...
CVE-2024-42473 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses ‘but not’ and ‘from’ expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...
CVE-2024-23820
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
CVE-2024-23820
CVE-2024-23820 affects OpenFGA (authorization engine). A DoS can occur when repeatedly calling ListObjects, in scenarios depending on the model and tuples, due to memory not being released, potentially exhausting memory and terminating the server. A patch is available in OpenFGA v1.4.3. Other con...
CVE-2024-23820 OpenFGA DoS
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
CVE-2024-23820 OpenFGA DoS
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
CVE-2023-35933
OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this...
Authorization
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct...