CVE-2023-38976
PUBLISHED
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.
Risk Scores
- EPSS Score: 8.74% (92.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| weaviate | weaviate | 1.20.0 |
| github.com | weaviate/weaviate | 1.19.0, 0, 1.20.0 |
Timeline
- Aug 21, 2023 CVE Published
- Aug 22, 2023 EPSS Score
- Sep 24, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 4, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 13, 2024 EPSS Score
- Jun 15, 2024 EPSS Score
- Jul 18, 2024 EPSS Score
- Sep 22, 2024 EPSS Score
- Oct 25, 2024 EPSS Score
References
- https://github.com/weaviate/weaviate/issues/3258 url
- https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7a url
- https://github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfp url
- https://nvd.nist.gov/vuln/detail/CVE-2023-38976 advisory
- https://github.com/weaviate/weaviate/pull/3431 url
- https://github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118 url
- https://github.com/weaviate/weaviate package
- https://github.com/weaviate/weaviate/releases/tag/v1.18.6 url
- https://github.com/weaviate/weaviate/releases/tag/v1.19.13 url
- https://github.com/weaviate/weaviate/releases/tag/v1.20.6 url