High severity7.5NVD Advisory· Published Aug 21, 2023· Updated Jun 17, 2026
CVE-2023-38976
CVE-2023-38976
Description
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/weaviate/weaviateGo | >= 1.20.0, < 1.20.6 | 1.20.6 |
github.com/weaviate/weaviateGo | >= 1.19.0, < 1.19.13 | 1.19.13 |
github.com/weaviate/weaviateGo | < 1.18.6 | 1.18.6 |
Affected products
4- osv-coords3 versions
< 0+ 2 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 1.20.0, < 1.20.6
Patches
Vulnerability mechanics
References
10- github.com/weaviate/weaviate/issues/3258nvdExploitIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-8697-479h-5mfpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-38976ghsaADVISORY
- github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118ghsaWEB
- github.com/weaviate/weaviate/pull/3431ghsaWEB
- github.com/weaviate/weaviate/releases/tag/v1.18.6ghsaWEB
- github.com/weaviate/weaviate/releases/tag/v1.19.13ghsaWEB
- github.com/weaviate/weaviate/releases/tag/v1.20.6ghsaWEB
- github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfpghsaWEB
- aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7anvd
News mentions
0No linked articles in our index yet.