data/reports/GO-2023-2017.yaml

id: GO-2023-2017
modules:
    - module: github.com/weaviate/weaviate
      versions:
        - fixed: 1.18.6
        - introduced: 1.19.0
          fixed: 1.19.13
        - introduced: 1.20.0
          fixed: 1.20.6
      vulnerable_at: 1.20.5
      packages:
        - package: github.com/weaviate/weaviate/adapters/handlers/rest
          symbols:
            - handleUnbatchedGraphQLRequest
summary: Denial of service vulnerability in github.com/weaviate/weaviate
description: |-
    A type conversion issue in Weaviate may allow a remote attack that would cause a
    denial of service.
cves:
    - CVE-2023-38976
ghsas:
    - GHSA-8697-479h-5mfp
references:
    - advisory: https://github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfp
    - report: https://github.com/weaviate/weaviate/issues/3258
    - fix: https://github.com/weaviate/weaviate/pull/3431
    - fix: https://github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118
    - web: https://github.com/weaviate/weaviate/releases/tag/v1.18.6
    - web: https://github.com/weaviate/weaviate/releases/tag/v1.19.13
    - web: https://github.com/weaviate/weaviate/releases/tag/v1.20.6