—

GO-2026-5133

SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected in github.com/authzed/spicedb

Details

SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected in github.com/authzed/spicedb

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/authzed/spicedb

Introduced in: 1.34.0 Fixed in: 1.54.0

Fix go get github.com/authzed/spicedb@v1.54.0

References

https://github.com/authzed/spicedb/security/advisories/GHSA-4vrg-r928-h5vv [ADVISORY]