Vulnerability Information
Vulnerability Title
SpiceDB's WriteRelationships fails silently if payload is too big
Vulnerability Description
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, a `WriteRelationships` call can fail silently when all of the following hold: the authorization schema uses the exclusion operator somewhere; the SpiceDB server is configured with `--write-relationships-max-updates-per-call` bigger than 6500; and the call carries a large enough number of updates that the payload is bigger than what the datastore allows. Affected users receive a successful response from their `WriteRelationships` call when in reality that call failed, and they receive incorrect permission check results if those relationships had to be read to resolve the relation involving the exclusion. Version 1.45.2 contains a patch for the issue. As a workaround, set `--write-relationships-max-updates-per-call` to `1000`.
CVSS Information
N/A
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
SpiceDB Security Vulnerability
Vulnerability Description
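SpiceDB is a fine-grained permissions database from the Authzed team. SpiceDB versions prior to 1.45.2 contain a security vulnerability that stems from improper handling of write-relationship calls when the exclusion operator is used, which may lead to incorrect permission check results.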
CVSS Information
N/A
Vulnerability Type
N/A