Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rxpw-85vw-fx87: OpenFGA denial of service

Overview

OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an “out of memory” error and terminate.

Fix

Upgrade to v1.4.3. This upgrade is backwards compatible.

9 months ago

#vulnerability #ios #dos #git #perl

Package

gomod github.com/openfga/openfga (Go)

Affected versions

< 1.4.3

Patched versions

1.4.3

Description

Overview

OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an “out of memory” error and terminate.

Fix

Upgrade to v1.4.3. This upgrade is backwards compatible.

References

GHSA-rxpw-85vw-fx87
https://nvd.nist.gov/vuln/detail/CVE-2024-23820
openfga/openfga@908ac85
https://github.com/openfga/openfga/releases/tag/v1.4.3

miparnisari published to openfga/openfga

Jan 26, 2024

Published by the National Vulnerability Database

Jan 26, 2024

Published to the GitHub Advisory Database

Jan 26, 2024

Reviewed

Jan 26, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

3 hours ago

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

3 hours ago

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

3 hours ago

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

4 hours ago

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

8 hours ago