CNNVD-202511-884 Information
Nov 10, 2025
cve
CNNVD ID
CNNVD-202511-884
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
SpiceDB是Authzed团队的一个细粒度权限数据库。 SpiceDB 1.45.2之前版本存在安全漏洞,该漏洞源于使用排除运算符时未正确处理写入关系调用,可能导致权限检查结果错误。
Description (English)
SpiceDB is a fine-particle access database for the Authzed team. There is a security loophole in the previous version of SpiceDB 1.45.2, which arises from the incorrect handling of write relationship calls when using the exclusion operator, which may lead to error in the result of the right check.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Authzed
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/authzed/spicedb/security/advisories/GHSA-pm3x-jrhh-qcr7
Patch
https://github.com/authzed/spicedb/releases
Share on: