SurrealDB
- < 1.1.1
A denial-of-service vulnerability has been identified in SurrealDB versions prior to 1.1.1. The issue arises because the database fails to properly validate the invocation of custom parameters and functions at the root or namespace levels. Authorized clients can exploit this flaw by invoking these entities at unsupported levels, leading to a server panic and causing the SurrealDB server to crash.
Exploiting this vulnerability causes a server panic, crashing the SurrealDB server and leading to a denial-of-service condition.
Users can update to SurrealDB version 1.1.1 or later to address this vulnerability. Those unable to update may want to limit untrusted users' ability to run arbitrary SurrealQL queries at the root or namespace level, and ensure that the SurrealDB process can be automatically restarted after a crash.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.