Количество 2
Количество 2
CVE-2024-42473
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As of time of publication, a patch is not available but OpenFGA's maintainers are planning a patch for inclusion in a future release.
GHSA-3f6g-m4hr-59h8
OpenFGA Authorization Bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-42473 OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As of time of publication, a patch is not available but OpenFGA's maintainers are planning a patch for inclusion in a future release. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| GHSA-3f6g-m4hr-59h8 OpenFGA Authorization Bypass | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу