Denial of Service Vulnerability in Weaviate by Weaviate GmbH
CVE-2023-38976

7.5HIGH

Key Information:

Vendor: Weaviate
Status: Weaviate
Vendor: CVE Published:; 21 August 2023

What is CVE-2023-38976?

An issue in Weaviate version 1.20.0 exposes the system to a denial of service attack through the handleUnbatchedGraphQLRequest function. This vulnerability could allow remote attackers to disrupt services, potentially leading to significant downtime and service unavailability. It is crucial for users and administrators of Weaviate to assess their exposure and apply necessary mitigations.

References

https://github.com/weaviate/weaviate/issues/3258

https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88ce...

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Jul 25, 2023

CVE-2023-38976 Data

JSON