OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This vulnerability is fixed in 1.9.5.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/openfga/openfga(Go) | 1.9.3 | 1.9.5 | N/A |
CVSS Metrics
