Lucene search
+L

4 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2024-55685

SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service...

7.1CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added yesterday3 views

EUVD-2024-55681

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS5.3AI score
Exploits0References2
OSV
OSV
added 2025/04/11 2:8 p.m.3 views

GHSA-3633-G6MG-P6QQ SurrealDB memory exhaustion via string::replace using regex

An authenticated user can craft a query using the string::replace function that uses a Regex to perform a string replacement. As there is a failure to restrict the resulting string length, this enables an attacker to send a string::replace function to the SurrealDB server exhausting all the memor...

7.1CVSS7.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.3 views

PT-2024-40418 · Quickjs +1 · Quickjs +1

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.1.1 rquickjs crate versions prior to 0.4.2 Description: The issue arises from the rquickjs crate used by SurrealDB, which executes scripting functions. The Exception::throw type function in rquickjs takes a strin...

8.5CVSS7.5AI score
Exploits0References5
Rows per page
Query Builder