GO-2023-2084 OpenFGA Vulnerable to DoS from circular relationship definitions in github.com/openfga/openfga

OpenFGA Vulnerable to DoS from circular relationship definitions in github.com/openfga/openfga...

OpenFGA Vulnerable to DoS from circular relationship definitions

Overview OpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Am I Affected? Yes, if your store contains an...

Path traversal

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's...

CVE-2023-43645 Denial of service from circular relationship definitions in OpenFGA

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's...

CVE-2023-43645 Denial of service from circular relationship definitions in OpenFGA

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's...

CVE-2023-43645

OpenFGA CVE-2023-43645 describes a DoS vulnerability triggered by Check calls against authorization models with circular relationships. The underlying issue is resources exhaustion when evaluating cyclic relations, potentially crashing the server. Remediation provided in multiple sources: upgrade...

GO-2023-1872 Denial of service in github.com/openfga/openfga

OpenFGA is vulnerable to a denial of service attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions...

OpenFGA vulnerable to denial of service due to circular relationship

Overview OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

GHSA-HR9R-8PHQ-5X8J OpenFGA vulnerable to denial of service due to circular relationship

Overview OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

CVE-2023-35933

OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this...

CVE-2023-35933 OpenFGA denial of service die to circular relationship

OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this...

CVE-2023-35933

OpenFGA is vulnerable to a Denial of Service when performing Check or ListObjects against authorization models that contain circular relationship definitions in versions ≤ v1.1.0. The root cause is a DoS condition triggered by these relationship structures, as described in multiple sources, with ...