AVID-2026-R1267

Description

Vulnerability CVE-2023-38976

Details

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.

Reason for inclusion in AVID: The CVE describes a remote denial-of-service vulnerability in Weaviate v1.20.0 via handleUnbatchedGraphQLRequest. Weaviate is a vector database commonly used in AI data pipelines and model-serving stacks; this is a software supply-chain issue affecting components used to build/deploy AI systems. It is a security vulnerability with explicit impact, and the report provides explicit references (NVD entry, GitHub issue).

References

• NVD entry
• https://github.com/weaviate/weaviate/issues/3258
• https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7a

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2023-08-21
• Version: 0.3.3
• AVID Entry