x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2023-45810 #2121
Assignees
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
tatianab
added
the
excluded: EFFECTIVELY_PRIVATE
|
Change https://go.dev/cl/537395 mentions this issue: |
|
Change https://go.dev/cl/592763 mentions this issue: |
This was referenced Aug 9, 2024
|
Change https://go.dev/cl/606792 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2023-2097.yaml - data/reports/GO-2023-2109.yaml - data/reports/GO-2023-2121.yaml - data/reports/GO-2023-2125.yaml - data/reports/GO-2023-2134.yaml - data/reports/GO-2023-2135.yaml - data/reports/GO-2023-2136.yaml - data/reports/GO-2023-2156.yaml - data/reports/GO-2023-2159.yaml - data/reports/GO-2023-2166.yaml - data/reports/GO-2023-2170.yaml - data/reports/GO-2023-2176.yaml - data/reports/GO-2023-2188.yaml - data/reports/GO-2023-2329.yaml - data/reports/GO-2023-2330.yaml - data/reports/GO-2023-2332.yaml - data/reports/GO-2023-2335.yaml - data/reports/GO-2023-2336.yaml - data/reports/GO-2023-2337.yaml - data/reports/GO-2023-2338.yaml Updates #2097 Updates #2109 Updates #2121 Updates #2125 Updates #2134 Updates #2135 Updates #2136 Updates #2156 Updates #2159 Updates #2166 Updates #2170 Updates #2176 Updates #2188 Updates #2329 Updates #2330 Updates #2332 Updates #2335 Updates #2336 Updates #2337 Updates #2338 Change-Id: I5fc55dacf7cdfd2512c00f07abfc0debfde9263f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606792 LUCI-TryBot-Result: Go LUCI <[email protected]> Commit-Queue: Tatiana Bradley <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-45810 references github.com/openfga/openfga, which may be a Go module.
Description:
OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of
ListObjectscalls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: