OpenFGA · OpenFGA · CVE-2024-42473
**Name of the Vulnerable Software and Affected Versions**
OpenFGA v1.5.7 and v1.5.8 (fixed in v1.5.9)
**Description**
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Versions 1.5.7 and 1.5.8 are vulnerable to an authorization bypass: a Check API call evaluated against a model that combines a `but not` exclusion with a `from` (tuple-to-userset) expression and a userset relation (for example `team#member`) can return an incorrect result, granting access that the model should deny. Only deployments whose authorization model uses all three constructs together are exposed, but any such model should be treated as affected until the server is upgraded.
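As an added illustration (this is not code from the advisory or from the OpenFGA project), the following Python script encodes the intended semantics of the three constructs named above: direct assignment, usersets such as `team:eng#member`, tuple-to-userset (`viewer from parent`) and exclusion (`but not`). The model, tuples and user names are constructed, and the evaluator is a toy, not OpenFGA's resolver; it says nothing about how the affected versions misbehave. What it gives you is the set of answers a correct Check must return for such a model, which you can replay against an upgraded server loaded with the same model and tuples as a regression check.

```python
"""Toy evaluator for the three model features named in the advisory.

Constructed illustration: it is not OpenFGA's resolver, and it does not
reproduce the bug in v1.5.7/v1.5.8. It encodes the intended semantics of
direct assignment, usersets ("team:eng#member"), tuple-to-userset
("viewer from parent") and exclusion ("but not"), so the expected answers
can be replayed as a regression check against a real server.
"""
from typing import Callable, Dict, List, Set, Tuple

Triple = Tuple[str, str, str]  # (object, relation, user), as in an OpenFGA tuple
Rule = Callable[["Store", str, str, int], bool]

MAX_DEPTH = 25  # guard against cyclic tuples; OpenFGA also bounds resolution depth


class Store:
    """Relationship tuples plus a model mapping (type, relation) to a rule."""

    def __init__(self, model: Dict[Tuple[str, str], Rule], tuples: List[Triple]):
        self.model = model
        self.tuples: Set[Triple] = set(tuples)

    def check(self, obj: str, relation: str, user: str, depth: int = 0) -> bool:
        if depth > MAX_DEPTH:
            raise RecursionError(f"resolution too deep for {obj}#{relation}")
        obj_type = obj.split(":", 1)[0]
        rule = self.model.get((obj_type, relation))
        if rule is None:
            return False  # relation not defined on this type
        return rule(self, obj, user, depth)


def assignable(relation: str) -> Rule:
    """Directly assigned tuples, including userset tuples like 'team:eng#member'."""
    def rule(store: Store, obj: str, user: str, depth: int) -> bool:
        for o, r, u in store.tuples:
            if o != obj or r != relation:
                continue
            if u == user:
                return True
            if "#" in u:  # userset: expand it by checking membership recursively
                uset_obj, uset_rel = u.split("#", 1)
                if store.check(uset_obj, uset_rel, user, depth + 1):
                    return True
        return False
    return rule


def from_relation(relation: str, via: str) -> Rule:
    """Tuple-to-userset: '<relation> from <via>' follows each <via> tuple."""
    def rule(store: Store, obj: str, user: str, depth: int) -> bool:
        for o, r, u in store.tuples:
            if o == obj and r == via and "#" not in u:
                if store.check(u, relation, user, depth + 1):
                    return True
        return False
    return rule


def but_not(base: Rule, excluded: Rule) -> Rule:
    """Exclusion: allowed by base AND not matched by excluded."""
    def rule(store: Store, obj: str, user: str, depth: int) -> bool:
        return base(store, obj, user, depth) and not excluded(store, obj, user, depth)
    return rule


# Constructed model (assumption). The DSL it stands in for would read:
#   type team      relations  define member: [user]
#   type folder    relations  define viewer: [user, team#member]
#                             define blocked: [user, team#member]
#   type document  relations  define parent: [folder]
#                             define viewer: viewer from parent but not blocked from parent
MODEL: Dict[Tuple[str, str], Rule] = {
    ("team", "member"): assignable("member"),
    ("folder", "viewer"): assignable("viewer"),
    ("folder", "blocked"): assignable("blocked"),
    ("document", "parent"): assignable("parent"),
    ("document", "viewer"): but_not(from_relation("viewer", "parent"),
                                    from_relation("blocked", "parent")),
}

# Constructed tuples covering every path through the exclusion.
TUPLES: List[Triple] = [
    ("team:eng", "member", "user:anne"),
    ("team:eng", "member", "user:bob"),
    ("team:contractors", "member", "user:carl"),
    ("folder:x", "viewer", "team:eng#member"),           # userset grants viewer
    ("folder:x", "viewer", "user:carl"),                 # direct grant
    ("folder:x", "blocked", "user:bob"),                 # direct block
    ("folder:x", "blocked", "team:contractors#member"),  # userset block
    ("document:d1", "parent", "folder:x"),
]


def expected_checks() -> Dict[str, bool]:
    """What Check(document:d1#viewer, user) must return under correct semantics."""
    store = Store(MODEL, TUPLES)
    return {user: store.check("document:d1", "viewer", user)
            for user in ("user:anne", "user:bob", "user:carl", "user:dave")}


if __name__ == "__main__":
    for user, allowed in expected_checks().items():
        print(f"check document:d1#viewer {user}: {allowed}")
```

Only `user:anne` is allowed: Bob is a viewer through the userset but blocked directly, Carl is a viewer directly but blocked through a userset, and Dave has no tuples at all. Those two "blocked" rows are the cases to keep in a post-upgrade test, since they are exactly where an exclusion has to be evaluated across a `from` hop and a userset expansion.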
**Recommendations**
Upgrade to v1.5.9 as soon as possible, whether OpenFGA runs as a standalone binary, in a Docker container, or is embedded as a Go library; the upgrade is backward compatible.
If you deploy with the Helm chart, upgrade to chart version 0.2.12 as soon as possible.
If you cannot upgrade immediately, downgrade to v1.5.6 as a temporary workaround, as that release is not affected.