
OpenFGA vulnerable to denial of service due to circular relationship

### Overview

OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions.

### Am I Affected?

You are affected by this vulnerability if you are using OpenFGA v1.1.0 or earlier, and if you are executing certain [Check](https://openfga.dev/api/service#/Relationship%20Queries/Check) or [ListObjects](https://openfga.dev/api/service#/Relationship%20Queries/ListObjects) calls against a vulnerable authorization model. To see which of your models could be vulnerable to this attack, download OpenFGA v1.1.1 and run the following command:

```
./openfga validate-models --datastore-engine <engine> --datastore-uri <uri> | jq '.[] | select(.Error | contains("no entrypoints"))'
```

replacing the `<engine>` and `<uri>` placeholders with your datastore engine and datastore connection URI. Any model listed in the output is one whose relations cannot be reached from a directly assignable relation, and is therefore affected.
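To make concrete what "no entrypoints" means, here is an added, simplified entrypoint check written for this page (it is not OpenFGA's own validator, which remains the authoritative check). It assumes the OpenFGA JSON model format with `this`, `computedUserset`, `union`, `intersection`, `difference` and `tupleToUserset` rewrites, and runs it over a constructed circular model and a corrected one:

```python
import copy

# Constructed sample model in OpenFGA's JSON model format (assumed rewrite
# shapes; sample data, not taken from the advisory or the project).
CIRCULAR = {"type_definitions": [
    {"type": "user"},
    {"type": "folder",
     "relations": {"viewer": {"this": {}}},
     "metadata": {"relations": {"viewer": {"directly_related_user_types": [{"type": "user"}]}}}},
    {"type": "document",
     "relations": {
         "parent": {"this": {}},
         # editor and viewer are defined only in terms of each other: no tuple can satisfy them
         "editor": {"computedUserset": {"relation": "viewer"}},
         "viewer": {"computedUserset": {"relation": "editor"}}},
     "metadata": {"relations": {"parent": {"directly_related_user_types": [{"type": "folder"}]}}}}]}

# Same model, but viewer is also reachable through the parent folder's viewers.
FIXED = copy.deepcopy(CIRCULAR)
FIXED["type_definitions"][2]["relations"]["viewer"] = {"union": {"child": [
    {"computedUserset": {"relation": "editor"}},
    {"tupleToUserset": {"tupleset": {"relation": "parent"},
                        "computedUserset": {"relation": "viewer"}}}]}}

def _has_entrypoint(types, type_name, relation, visiting):
    """True if some chain of rewrites ends in a directly assignable relation."""
    key = (type_name, relation)
    if key in visiting or relation not in types[type_name].get("relations", {}):
        return False  # cycle closed (or dangling reference) without reaching "this"
    rw = types[type_name]["relations"][relation]
    return _rewrite_ok(types, type_name, rw, visiting | {key})

def _rewrite_ok(types, type_name, rw, visiting):
    if "this" in rw:
        return True
    if "computedUserset" in rw:
        return _has_entrypoint(types, type_name, rw["computedUserset"]["relation"], visiting)
    if "union" in rw:
        return any(_rewrite_ok(types, type_name, c, visiting) for c in rw["union"]["child"])
    if "intersection" in rw:
        return all(_rewrite_ok(types, type_name, c, visiting) for c in rw["intersection"]["child"])
    if "difference" in rw:
        return _rewrite_ok(types, type_name, rw["difference"]["base"], visiting)
    ttu = rw["tupleToUserset"]  # "relation from tupleset": needs both sides reachable
    tupleset, target = ttu["tupleset"]["relation"], ttu["computedUserset"]["relation"]
    meta = types[type_name].get("metadata", {}).get("relations", {}).get(tupleset, {})
    related = [t["type"] for t in meta.get("directly_related_user_types", [])]
    return _has_entrypoint(types, type_name, tupleset, visiting) and any(
        _has_entrypoint(types, t, target, visiting) for t in related)

def relations_without_entrypoints(model):
    """Return ["type#relation", ...] for relations no tuple could ever satisfy."""
    types = {td["type"]: td for td in model["type_definitions"]}
    return [f"{t}#{r}" for t, td in types.items() for r in td.get("relations", {})
            if not _has_entrypoint(types, t, r, frozenset())]
```

Running `relations_without_entrypoints(CIRCULAR)` reports `document#editor` and `document#viewer`, while the corrected model reports nothing.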

### Fix

Upgrade to v1.1.1.

### Backward Compatibility

If you are not passing an invalid authorization model (as identified by running `./openfga validate-models`) as a parameter of your Check and ListObjects calls, this upgrade is backwards compatible.

Otherwise, OpenFGA v1.1.1 will start returning HTTP 400 status codes on those calls.
