blob: 966e6cc4360e2afe2cde27ceaafbdfb03077ddfe [file] [log] [blame]
id: GO-2023-2017
modules:
- module: github.com/weaviate/weaviate
versions:
- fixed: 1.18.6
- introduced: 1.19.0
fixed: 1.19.13
- introduced: 1.20.0
fixed: 1.20.6
vulnerable_at: 1.20.5
packages:
- package: github.com/weaviate/weaviate/adapters/handlers/rest
symbols:
- handleUnbatchedGraphQLRequest
derived_symbols:
- Server.ConfigureAPI
- Server.Serve
- Server.SetAPI
summary: Denial of service vulnerability in github.com/weaviate/weaviate
description: |-
A type conversion issue in Weaviate may allow a remote attack that would cause a
denial of service.
cves:
- CVE-2023-38976
ghsas:
- GHSA-8697-479h-5mfp
references:
- advisory: https://github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfp
- report: https://github.com/weaviate/weaviate/issues/3258
- fix: https://github.com/weaviate/weaviate/pull/3431
- fix: https://github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118
- web: https://github.com/weaviate/weaviate/releases/tag/v1.18.6
- web: https://github.com/weaviate/weaviate/releases/tag/v1.19.13
- web: https://github.com/weaviate/weaviate/releases/tag/v1.20.6
review_status: REVIEWED