x/vulndb: potential Go vuln in github.com/openfga/openfga: GHSA-m3q4-7qmj-657m

[GoVulnBot]

In GitHub Security Advisory GHSA-m3q4-7qmj-657m, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/openfga/openfga	0.3.1	= 0.3.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: TODO (earliest fixed "0.3.1", vuln range "= 0.3.0")
    packages:
      - package: github.com/openfga/openfga
description: |-
    ### Overview
    During our internal security assessment, it was discovered that OpenFGA versions v0.3.0 is vulnerable to authorization bypass under certain conditions.

    ### Am I Affected?
    You are affected by this vulnerability if **all** of the following applies:

    1.  You are using OpenFGA v0.3.0
    2. You created a model using modeling language v1.1 that applies a type restriction to an object e.g. `define viewer: [user]`
    3. You created tuples based on the aforementioned model, e.g. `document:1#viewer@user:jon`
    4. You updated the previous model by adding a new type and replacing the previous restriction with the newly added type e.g. `define viewer: [employee]`
    5. You use the tuples created against the first model (step 3) and issue checks against the updated model e.g. `user=user:jon, relation=viewer, object:document:1`

    ### How to fix that?
    Upgrade to version v0.3.1

    ### Backward Compatibility
    This update is backward compatible.
cves:
  - CVE-2022-23542
ghsas:
  - GHSA-m3q4-7qmj-657m

[timothy-king]

Duplicate of #1179