4 matches found
GHSA-W222-M46C-MGH6 OpenFGA Authorization Bypass
Overview: OpenFGA v1.8.10 or previous (Helm chart = openfga-0.2.28, docker = v.1.8.10) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? If you are using OpenFGA v1.8.10 or previous, specifically under the following conditions, you are affect...
OpenFGA DoS vulnerability
Overview: OpenFGA is vulnerable to a DoS attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and the service as a whole becomes unresponsive. Fix: Upgrade to v1.3.4. This upgrade is backwards...
Denial Of Service (DoS)
OpenFGA is vulnerable to denial-of-service attacks. The vulnerability is due to an insufficient mechanism to release resources. When a number of ListObjects calls are executed, the resources are not released after the response is sent...
OpenFGA vulnerable to denial of service due to circular relationship
Overview: OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...