CVE-2023-38976
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.
| Software | From | Fixed in |
|---|---|---|
github.com/weaviate/weaviate
|
1.20.0 | 1.20.6 |
|
github.com/weaviate/weaviate
|
1.19.0 | 1.19.13 |
|
github.com/weaviate/weaviate
|
- | 1.18.6 |
| weaviate / weaviate | 1.20.0 | 1.20.0.x |
- https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7a
- https://github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118
- https://github.com/weaviate/weaviate/issues/3258
- https://github.com/weaviate/weaviate/pull/3431
- https://github.com/weaviate/weaviate/releases/tag/v1.18.6
- https://github.com/weaviate/weaviate/releases/tag/v1.19.13
- https://github.com/weaviate/weaviate/releases/tag/v1.20.6
- https://github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfp
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime