SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with

DATABASE

06-06-2025 23:20

CVE-2025-49011 Vulnerabilidad documentada

Sin puntuación

Tags

#data

#source

#open

#db

#database

#issue

#fix

Descripción

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats the arrow’ed relation, when path resolve a CheckPermission request involves evaluation of multiple caveated branches, requests may return negative response positive expected. Version 1.44.2 fixes issue. As workaround, do not use in schema over relation.

https://github.com/authzed/spicedb/commit/fe8dd9f491f6975b3408c401e413a530eb181a67

https://github.com/authzed/spicedb/releases/tag/v1.44.2

https://github.com/authzed/spicedb/security/advisories/GHSA-cwwm-hr97-qfxm

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-49011

Resultados similares

Coincidentes en almenos en 50% de los tags

06-06-2025 CVE-2025-5760
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective ...
Ver información

05-06-2025 CVE-2025-27753
A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The v...
Ver información