OpenFGA denial of service

OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

未加控制的资源消耗(资源穷尽)

OpenFGA 资源管理错误漏洞

OpenFGA是OpenFGA的为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA 1.3.3及之前版本存在安全漏洞，该漏洞源于当执行过多ListObjects调用时会造成拒绝服务（DOS）。

N/A

N/A