3 matches found
CVE-2024-58362
SurrealDB vulnerability CVE-2024-58362 affects prior releases (before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3) where an arbitrary object can be accepted in signin/signup via the RPC API without recursive validation for non-computed values. An unauthenticated attacker could encode a binary object...
EUVD-2024-55678
SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...
CVE-2024-58362 SurrealDB before 1.5.5 Query Injection via RPC API
SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...