34 matches found
EUVD-2023-2315
Malicious code in bioql PyPI...
CVE-2025-48371 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...
GHSA-W222-M46C-MGH6 OpenFGA Authorization Bypass
Overview OpenFGA v1.8.10 or previous (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? If you are using OpenFGA v1.8.10 or previous, specifically under the following conditions, you are affect...
GHSA-G4V5-6F5P-M38J OpenFGA Authorization Bypass
Overview OpenFGA v1.8.4 or previous (Helm chart < openfga-0.2.22, docker < v.1.8.5) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? If you are using OpenFGA v1.8.4 or previous, specifically under the following conditions, you are affected by...
CVE-2025-25196 OpenFGA Authorization Bypass
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...
CVE-2024-31452
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...
Authorization Bypass
github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper validation of conditions and contextual tuples when using the Check API or ListObjects API, particularly when check query caching is enabled (OPENFGA_CHECK_QUERY_CACHE_ENABLED), and allows attackers to potentially...
CVE-2024-56323 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. In OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses conditions, and 2...
GHSA-32Q6-RR98-CJQV OpenFGA Authorization Bypass
Overview OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? You are affected by this authorization bypass vulnerability if you are using OpenFGA...
OpenFGA Authorization Bypass
Overview OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? You are affected by this authorization bypass vulnerability if you are using OpenFGA...
GHSA-8CPH-M685-6V6R OpenFGA Authorization Bypass
Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...
OpenFGA Authorization Bypass
Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...
CVE-2024-31452
OpenFGA CVE-2024-31452 affects OpenFGA v1.5.0+ with an authorization bypass when calling Check or ListObjects APIs. The root cause relates to exclusion or intersection models (e.g., a but not b, or a and b). The issue is fixed in v1.5.3; remediation is to upgrade to v1.5.3 (or later) to mitigate....
OpenFGA Security Vulnerability
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. A security vulnerability exists in OpenFGA versions from 1.5.0 up to, but not including, 1.5.3 that stems from an authorization bypass when a user calls the Check or...
Denial Of Service (DoS)
github.com/openfga/openfga is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient memory management in the ListObjects function, particularly in handling the closure of the ReverseExpand channel, resulting in memory being improperly released. This flaw allows an attacker ...
OpenFGA denial of service
Overview OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate...
Authorization
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
OpenFGA Security Vulnerabilities
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. A security vulnerability exists in OpenFGA versions prior to 1.4.3, which stems from the fact that in certain scenarios that depend on the model and tuples used,...
OpenFGA DoS vulnerability
Overview OpenFGA is vulnerable to a DoS attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and the service as a whole becomes unresponsive. Fix Upgrade to v1.3.4. This upgrade is backwards...
GHSA-HR4F-6JH8-F2VQ OpenFGA DoS vulnerability
Overview OpenFGA is vulnerable to a DoS attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and the service as a whole becomes unresponsive. Fix Upgrade to v1.3.4. This upgrade is backwards...
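As an added example that is not part of this listing and not OpenFGA project code: a small Python checker that transcribes the affected version ranges stated in the summaries above and reports which of the listed advisories a deployed server version falls under. Where a summary only says "or previous", the lower bound is taken as 0.0.0; the DoS entry that carries no identifier on this page is labelled by its fix version; the `report` output format and the idea of running it as a CI gate are assumptions of this example, not anything the advisories prescribe.

```python
import re
from dataclasses import dataclass

# A version is compared as a (major, minor, patch) tuple.
Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Extract a semantic version from the forms seen in the advisories above:
    '1.8.12', 'v1.8.12', 'v.1.8.12', or an image ref such as 'openfga/openfga:v1.8.12'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


@dataclass(frozen=True)
class Advisory:
    ident: str      # identifier as it appears in the listing ("DoS-fixed-in-1.4.3" is a constructed label)
    kind: str       # "authz-bypass" or "dos"
    first: Version  # first affected release, inclusive; (0, 0, 0) when the summary only says "or previous"
    last: Version   # last affected release, inclusive
    note: str       # the condition or fix the summary states


# Ranges transcribed from the advisory summaries on this page. Where a summary gives only
# a fix version ("upgrade to v1.5.3"), the last affected release is the one just below it.
ADVISORIES = [
    Advisory("CVE-2025-48371", "authz-bypass", (1, 8, 0), (1, 8, 12), "Check/ListObjects bypass"),
    Advisory("GHSA-w222-m46c-mgh6", "authz-bypass", (0, 0, 0), (1, 8, 10), "v1.8.10 or previous"),
    Advisory("CVE-2025-25196", "authz-bypass", (0, 0, 0), (1, 8, 4), "v1.8.4 or previous"),
    Advisory("CVE-2024-56323", "authz-bypass", (1, 3, 8), (1, 8, 2),
             "model uses conditions; contextual tuples with OPENFGA_CHECK_QUERY_CACHE_ENABLED"),
    Advisory("CVE-2024-31452", "authz-bypass", (1, 5, 0), (1, 5, 2),
             "exclusion/intersection with cyclical relationships; fixed in v1.5.3"),
    Advisory("DoS-fixed-in-1.4.3", "dos", (0, 0, 0), (1, 4, 2), "ListObjects does not release memory"),
    Advisory("GHSA-hr4f-6jh8-f2vq", "dos", (0, 0, 0), (1, 3, 3),
             "ListObjects does not release resources; fixed in v1.3.4"),
]


def affected_by(version_text: str) -> list[str]:
    """Return the identifiers of every listed advisory whose affected range contains the version."""
    v = parse_version(version_text)
    return [a.ident for a in ADVISORIES if a.first <= v <= a.last]


def minimum_clean_version() -> Version:
    """Smallest release above every affected range on this page (last affected patch + 1)."""
    major, minor, patch = max(a.last for a in ADVISORIES)
    return (major, minor, patch + 1)


def report(version_text: str) -> str:
    """Human-readable summary for one deployed server; assumed to be used as a CI gate."""
    v = parse_version(version_text)
    hits = [a for a in ADVISORIES if a.first <= v <= a.last]
    if not hits:
        return f"{version_text}: not in any affected range listed here"
    lines = [f"{version_text}: affected by {len(hits)} listed advisories"]
    for a in hits:
        lines.append(f"  {a.ident} ({a.kind}): {a.note}")
    lines.append("  upgrade to at least v%d.%d.%d" % minimum_clean_version())
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample inputs: an image ref, a dotted "v." form, and the first clean release.
    for sample in ("openfga/openfga:v1.8.12", "v.1.5.1", "1.8.13"):
        print(report(sample))
```

The version comparison is on tuples, so the "or previous" entries with no stated lower bound will also flag very old releases; that is deliberate, since the summaries give no floor for them. The bypass conditions themselves (model uses conditions, exclusion or intersection with cycles, check query cache enabled) are not something a version string can tell you, so treat a hit as "go read the advisory", not as proof of exposure.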