SurrealDB
- <= 1.2.0
A denial-of-service vulnerability has been identified in SurrealDB versions prior to 1.2.1. This issue arises from uncaught exception handling in the span rendering process when queries contain errors related to line terminator characters. Authorized clients can exploit this vulnerability by submitting malformed queries that cause a panic in the span rendering code, leading to a server crash.
Exploitation of this vulnerability causes the SurrealDB server to crash, resulting in a denial-of-service condition.
Users can update to SurrealDB version 1.2.1 or later to address this vulnerability. Those unable to update should consider restricting untrusted users from executing arbitrary SurrealQL queries and ensure that the SurrealDB process can be automatically restarted after a crash.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.