CVE-2023-45810
CVSS V2 None
CVSS V3 None
Description
OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2023-45810
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-17T22:29:00.293Z
- Last Modified Date
- 2023-10-17T22:29:00.293Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/openfga/openfga/security/advisories/GHSA-hr4f-6jh8-f2vq | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-45810 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45810 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 10:06:45 | Added to TrackCVE |