2 matches found
CVE-2024-58367
SurrealDB before 2.0.4 has an improper authorization flaw in field permissions during SELECT, UPDATE, and DELETE, allowing an authorized user to leak protected field values through techniques such as SELECT VALUE, field aliasing, function arguments, WHERE filters, RETURN BEFORE, and SET clause re...
CVE-2024-58367
SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function argument...