Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04Njk3LTQ3OWgtNW1mcM4AA1ar
Weaviate denial of service vulnerability
Impact
This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier.
Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability.
Patches
A patch has been developed for this vulnerability.
Patch releases 1.20.6, 1.19.13, and 1.18.6 are fixing this vulnerability in each respective minor version release.
Users are strongly recommended to upgrade to one of these patched versions to address the vulnerability.
Keeping software up-to-date is crucial to avoid security vulnerabilities.
Workarounds
There are no known workarounds to fix or remediate this vulnerability without upgrading.
Users must upgrade to a patched version to mitigate the risk.
References
- https://github.com/weaviate/weaviate/releases/tag/v1.18.6
- https://github.com/weaviate/weaviate/releases/tag/v1.19.13
- https://github.com/weaviate/weaviate/releases/tag/v1.20.6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Njk3LTQ3OWgtNW1mcM4AA1ar
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 9 months ago
Updated: 9 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-8697-479h-5mfp, CVE-2023-38976
References:
- https://github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfp
- https://nvd.nist.gov/vuln/detail/CVE-2023-38976
- https://github.com/weaviate/weaviate/issues/3258
- https://github.com/weaviate/weaviate/pull/3431
- https://github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118
- https://github.com/weaviate/weaviate/releases/tag/v1.18.6
- https://github.com/weaviate/weaviate/releases/tag/v1.19.13
- https://github.com/weaviate/weaviate/releases/tag/v1.20.6
- https://github.com/advisories/GHSA-8697-479h-5mfp
Blast Radius: 8.8
Affected Packages
go:github.com/weaviate/weaviate
Dependent packages: 36Dependent repositories: 15
Downloads:
Affected Version Ranges: < 1.18.6, >= 1.19.0, < 1.19.13, >= 1.20.0, < 1.20.6
Fixed in: 1.18.6, 1.19.13, 1.20.6
All affected versions: 0.22.18, 0.22.19, 0.22.20, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.15.5, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 1.16.6, 1.16.7, 1.16.8, 1.16.9, 1.17.0, 1.17.1, 1.17.2, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.18.5, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.19.7, 1.19.8, 1.19.9, 1.19.10, 1.19.11, 1.19.12, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.20.4, 1.20.5
All unaffected versions: 1.18.6, 1.19.13, 1.20.6, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.22.5, 1.22.6, 1.22.7, 1.22.8, 1.22.9, 1.22.10, 1.22.11, 1.23.0, 1.23.1, 1.23.2, 1.23.3, 1.23.4