CVE-2022-39342
OpenFGA is an authorization/permission engine. Versions prior to v0.2.4 are vulnerable to authorization bypass under certain conditions.
The following example would be vulnerable under some circumstances:
    user.add_relation(:friends, :order) # =
Install the Gem
    gem install friends_order
The following example would not be vulnerable:
    user.add_relation(:friends, :order) #
What is a Relation?
A relation is an association between two records. It can be used to specify relationships such as "friendship" or "parent-child."
Timeline
Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/26/2022 00:52:00 UTC