EUVD-2024-1231

Malicious code in bioql PyPI...

CVE-2024-32001

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or...

GO-2024-2716 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb...

CVE-2024-32001

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or...

GHSA-J85Q-46HG-36P2 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

Background Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or folderparent. This bug only manifests if the same subject type is used multiple types i...

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

Background Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or folderparent. This bug only manifests if the same subject type is used multiple types i...

CVE-2024-32001 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or...

SpiceDB 安全漏洞

SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB versions prior to v1.30.1, which stems from the fact that LookupSubjects may return partially sensitive information if certain types of relationships are used...

CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

SpiceDB Security Vulnerabilities

SpiceDB is a fine-grained permission database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB versions prior to 1.29.2 that stems from an integer overflow vulnerability in the CheckPermission, BulkCheckPermission, and LookupSubjects API methods...