x/vulndb: potential Go vuln in github.com/authzed/spicedb: GHSA-j85q-46hg-36p2

[GoVulnBot]

In GitHub Security Advisory GHSA-j85q-46hg-36p2, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/authzed/spicedb	1.30.1	< 1.30.1

Cross references:

• Module github.com/authzed/spicedb appears in issue x/vulndb: potential Go vuln in github.com/authzed/spicedb: CVE-2022-21646 #295 EFFECTIVELY_PRIVATE
• Module github.com/authzed/spicedb appears in issue x/vulndb: potential Go vuln in github.com/authzed/spicedb: GHSA-cjr9-mr35-7xh6 #1723 EFFECTIVELY_PRIVATE
• Module github.com/authzed/spicedb appears in issue x/vulndb: potential Go vuln in github.com/authzed/spicedb: CVE-2023-35930 #1871 EFFECTIVELY_PRIVATE
• Module github.com/authzed/spicedb appears in issue x/vulndb: potential Go vuln in github.com/authzed/spicedb: CVE-2023-46255 #2166 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/authzed/spicedb
      versions:
        - fixed: 1.30.1
      vulnerable_at: 1.30.0
      packages:
        - package: github.com/authzed/spicedb
summary: |-
    SpiceDB: LookupSubjects may return partial results if a specific kind of
    relation is used
cves:
    - CVE-2024-32001
ghsas:
    - GHSA-j85q-46hg-36p2
references:
    - advisory: https://github.com/authzed/spicedb/security/advisories/GHSA-j85q-46hg-36p2
    - fix: https://github.com/authzed/spicedb/commit/a244ed1edfaf2382711dccdb699971ec97190c7b
    - advisory: https://github.com/advisories/GHSA-j85q-46hg-36p2

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports