-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-39352 #1099
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
zpavlinovic
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Nov 8, 2022
Change https://go.dev/cl/448815 mentions this issue: |
This was referenced Aug 25, 2023
Change https://go.dev/cl/592835 mentions this issue: |
This was referenced Aug 9, 2024
Change https://go.dev/cl/607231 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-1079.yaml - data/reports/GO-2022-1080.yaml - data/reports/GO-2022-1081.yaml - data/reports/GO-2022-1089.yaml - data/reports/GO-2022-1099.yaml - data/reports/GO-2022-1100.yaml - data/reports/GO-2022-1105.yaml - data/reports/GO-2022-1106.yaml - data/reports/GO-2022-1107.yaml - data/reports/GO-2022-1119.yaml - data/reports/GO-2022-1120.yaml - data/reports/GO-2022-1121.yaml - data/reports/GO-2022-1132.yaml - data/reports/GO-2022-1135.yaml - data/reports/GO-2022-1138.yaml - data/reports/GO-2022-1147.yaml - data/reports/GO-2022-1151.yaml - data/reports/GO-2022-1152.yaml - data/reports/GO-2022-1153.yaml - data/reports/GO-2022-1154.yaml Updates #1079 Updates #1080 Updates #1081 Updates #1089 Updates #1099 Updates #1100 Updates #1105 Updates #1106 Updates #1107 Updates #1119 Updates #1120 Updates #1121 Updates #1132 Updates #1135 Updates #1138 Updates #1147 Updates #1151 Updates #1152 Updates #1153 Updates #1154 Change-Id: Ice57e62cbaec73a848639ed6de50434eac91a368 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607231 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2022-39352 references github.com/openfga/openfga, which may be a Go module.
Description:
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation.
References:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: