{"id":"GO-2023-1872","summary":"Denial of service in github.com/openfga/openfga","details":"OpenFGA is vulnerable to a denial of service attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.","aliases":["CVE-2023-35933","GHSA-hr9r-8phq-5x8j"],"modified":"2024-05-20T16:03:47Z","published":"2023-07-05T17:29:51Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-1872","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/openfga/openfga/security/advisories/GHSA-hr9r-8phq-5x8j"},{"type":"FIX","url":"https://github.com/openfga/openfga/commit/087ce392595f3c319ab3028b5089118ea4063452"}],"affected":[{"package":{"name":"github.com/openfga/openfga","ecosystem":"Go","purl":"pkg:golang/github.com/openfga/openfga"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.1.1"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/openfga/openfga/pkg/typesystem","symbols":["New","NewAndValidate","TypeSystem.validateNames","TypeSystem.validateRelationTypeRestrictions"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1872.json"}}],"schema_version":"1.7.3"}