SurrealDB
- < 2.2.2
- < 2.1.5
- < 2.0.5
A server-side request forgery (SSRF) vulnerability has been identified in SurrealDB versions prior to 2.2.2. The issue arises because the database fails to properly validate HTTP redirects in its HTTP functions. This flaw enables authenticated users to circumvent deny-net restrictions by redirecting to blocked IP addresses. Attackers can exploit this by hosting a public server that redirects to denied network targets, thereby accessing internal endpoints and potentially retrieving sensitive information.
Exploitation of this vulnerability allows for the bypass of deny-net restrictions, enabling access to internal endpoints that could be exploited to retrieve or alter sensitive information. Additionally, if redirected traffic reaches the SurrealDB port, it could disrupt availability.
Users can update to SurrealDB versions 2.2.2, 2.1.5, or 2.0.5 to address this vulnerability. For those unable to update, the deny-net capability can be used to block access to internal and private IP addresses, or an allowlist approach can be adopted by specifying trusted endpoints.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.