7 matches found
CVE-2024-58362
SurrealDB vulnerability CVE-2024-58362 affects prior releases (before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3) where an arbitrary object can be accepted in signin/signup via the RPC API without recursive validation for non-computed values. An unauthenticated attacker could encode a binary object...
EUVD-2024-55678
SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...
Cryptonic (>=0.1.0 <=0.1.2), IMAPServer (=0.1.0) +6348 more potentially affected by unknown CVE via bincode (>=0.0.1 <=3.0.0)
bincode CARGO version =0.0.1, =0.1.0, =0.19.0, =0.4.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0141...
RUSTSEC-2025-0141 Bincode is unmaintained
Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider wincode postcard bitcode rkyv...
Untrusted Query Object Evaluation in RPC API
During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...
GHSA-64F8-PJGR-9WMR Untrusted Query Object Evaluation in RPC API
During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...
bencode (>=0.1.1 <=0.1.8), bincode (>=0.0.3 <=0.0.9) +49 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.22)
rustc-serialize CARGO version =0.1.5, =0.1.1, =0.0.3, =0.1.12, =0.1.2, =0.5.3, =0.5.2, =0.5.1, =0.1.4, =0.1.8, =0.6.41, =0.6.42 - docoptmacros =0.6.42 - email =0.0.9 - envelope =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2226-4V3C-CFF8...