Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rxpw-85vw-fx87: OpenFGA denial of service

Overview

OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an “out of memory” error and terminate.

Fix

Upgrade to v1.4.3. This upgrade is backwards compatible.

10 months ago

#vulnerability #ios #dos #git #perl

Package

gomod github.com/openfga/openfga (Go)

Affected versions

< 1.4.3

Patched versions

1.4.3

Description

Overview

OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an “out of memory” error and terminate.

Fix

Upgrade to v1.4.3. This upgrade is backwards compatible.

References

GHSA-rxpw-85vw-fx87
https://nvd.nist.gov/vuln/detail/CVE-2024-23820
openfga/openfga@908ac85
https://github.com/openfga/openfga/releases/tag/v1.4.3

miparnisari published to openfga/openfga

Jan 26, 2024

Published by the National Vulnerability Database

Jan 26, 2024

Published to the GitHub Advisory Database

Jan 26, 2024

Reviewed

Jan 26, 2024

ghsa: Latest News

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

49 minutes ago

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

1 hour ago

GHSA-v7vm-rhmg-8j2r: Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

1 hour ago

GHSA-2xcc-vm3f-m8rw: @lobehub/chat Server Side Request Forgery vulnerability

2 hours ago

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

19 hours ago