Vulnerability Report: GO-2023-1872
- CVE-2023-35933, GHSA-hr9r-8phq-5x8j
- Affects: github.com/openfga/openfga
- Published: Jul 05, 2023
- Modified: May 20, 2024
OpenFGA is vulnerable to a denial of service attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.
For detailed information about this vulnerability, visit https://github.com/openfga/openfga/security/advisories/GHSA-hr9r-8phq-5x8j.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.1.1
Aliases
References
- https://github.com/openfga/openfga/security/advisories/GHSA-hr9r-8phq-5x8j
- https://github.com/openfga/openfga/commit/087ce392595f3c319ab3028b5089118ea4063452
- https://vuln.go.dev/ID/GO-2023-1872.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.