SurrealDB
- < 2.1.0
A denial-of-service vulnerability has been identified in SurrealDB versions prior to 2.1.0. The issue arises in the sorting mechanism when the ORDER BY rand() clause is used. Authorized clients can execute queries with this clause, triggering a panic in the sorting function that crashes the server.
Exploiting this vulnerability causes a server crash, leading to a denial-of-service condition.
Users can update to SurrealDB version 2.1.0 or later to address this vulnerability. For those unable to update, it is recommended to restrict untrusted clients from executing arbitrary SurrealQL queries and to ensure the SurrealDB process can automatically restart after a crash.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.