High severityNVD Advisory· Published Oct 17, 2023· Updated Sep 13, 2024
OpenFGA denial of service
CVE-2023-45810
Description
OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/openfga/openfgaGo | < 1.3.4 | 1.3.4 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-hr4f-6jh8-f2vqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-45810ghsaADVISORY
- github.com/openfga/openfga/releases/tag/v1.3.4ghsaWEB
- github.com/openfga/openfga/security/advisories/GHSA-hr4f-6jh8-f2vqghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.