15 matches found
EUVD-2023-2315
Malicious code in bioql PyPI...
EUVD-2023-2760
Malicious code in bioql PyPI...
EUVD-2022-7210
Malicious code in bioql PyPI...
CVE-2024-27101
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-46989
SpiceDB is an open source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...
CVE-2024-46989
CVE-2024-46989 affects SpiceDB (spicedb): having multiple caveats on resources of the same indirect subject type within the same relation can cause CheckPermission to return NO_PERMISSION instead of PERMISSION when expected. The issue can occur when a resource has multiple groups and each is cave...
CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected
SpiceDB is an open source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...
CVE-2024-38361 Permissions processing error in SpiceDB
SpiceDB is an open source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-27101
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101
CVE-2024-27101 affects SpiceDB (Google Zanzibar-inspired permissions store). The root cause is an integer overflow in the chunking helper, which can cause dispatching to miss elements or panic when a resource has more than 65,535 relationships for a given resource and subject type. Affected API m...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
GHSA-JG7W-CXJV-98C2 SpiceDB leaks information in log files when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. When the provided datastore URI is malformed, e.g. by having a password which contains ":", the full URI including the provided password is printed, so that the password i...
SpiceDB leaks information in log files when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. When the provided datastore URI is malformed, e.g. by having a password which contains ":", the full URI including the provided password is printed, so that the password i...
CVE-2023-46255
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed, e.g. by having a password which contains ":", the full URI including the provided password is...
CVE-2023-46255
SpiceDB (open source, Google Zanzibar-inspired permissions store) has a log exposure flaw: if the datastore URI is malformed (for example, a password containing a colon), the full URI including the password is printed to logs. This is addressed in version 1.27.0-rc1. Upgrade to 1.27.0-rc1 or late...