SurrealDB
- <= 1.1.1
A denial-of-service vulnerability has been identified in SurrealDB versions prior to 1.2.0. This issue arises from an uncaught exception in the query executor, which occurs when the server processes calls to nonexistent built-in functions. Authorized clients can exploit this vulnerability by crafting pre-parsed queries that invoke these nonexistent functions, leading to a server panic and subsequent crash.
Exploitation of this vulnerability causes the SurrealDB server to crash, creating a denial-of-service condition.
Users can update to SurrealDB version 1.2.0 or later to address this vulnerability. Those unable to update should consider restricting untrusted users from executing arbitrary SurrealQL queries on affected versions and ensure the SurrealDB process can automatically restart after a crash.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.