CVE-2023-35933

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-35933
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35933.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-35933
Aliases
Related
Published
2023-06-26T20:15:10Z
Modified
2025-01-15T04:54:48.576424Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier, and if you are executing Check or ListObjects calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected.

References

Affected packages

Git / github.com/openfga/openfga

Affected ranges

Type
GIT
Repo
https://github.com/openfga/openfga
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.4.0
v0.4.1
v0.4.2
v0.4.3

v1.*

v1.0.0
v1.0.1
v1.1.0