github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability exists in the readUserTuple function in check_utils.go and is due to a lack of validation in the authorization mechanism, which allows an attacker to bypass authorization under certain conditions.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/openfga/openfga | le | v0.3.0 |