
Adriantam

#15398 of 53,624
17.6 Total CVSS
Vulnerabilities · 2
High: 2
PT-2026-6646
8.8
2026-02-05
Openfga · Openfga · CVE-2026-24851
**Name of the Vulnerable Software and Affected Versions**
OpenFGA versions 1.8.5 through 1.11.2

**Description**
OpenFGA is an authorization/permission engine. Versions 1.8.5 through 1.11.2 are susceptible to improper policy enforcement during specific `Check` calls. This occurs when a model includes a relation directly assignable by a type bound public access and assignable by type bound non-public access, a tuple assigned for the relation that is a type bound public access, a tuple assigned for the same object with the same relation that is not type bound public access, and a tuple assigned for a different object that has an object ID lexicographically larger with the same user and relation which is not type bound public access.

**Recommendations**
Upgrade to version 1.11.3.
PT-2025-47655
8.8
2025-11-20
Openfga · Openfga · CVE-2025-64751
**Name of the Vulnerable Software and Affected Versions**
OpenFGA versions 1.4.0 through 1.11.0

**Description**
OpenFGA is an authorization/permission engine. Versions 1.4.0 through 1.11.0 are subject to improper policy enforcement during specific `Check` and `ListObject` calls.

**Recommendations**
Update to version 1.11.1 or later.