SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
References
Configurations
No configuration.
History
09 Jun 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-06 18:15
Updated : 2025-06-09 12:15
NVD link : CVE-2025-49011
Mitre link : CVE-2025-49011
CVE.ORG link : CVE-2025-49011
JSON object : View
Products Affected
No product.
CWE
CWE-358
Improperly Implemented Security Check for Standard