Lucene search
+L

8 matches found

NVD
NVD
added 7 hours ago6 views

CVE-2024-58366

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throwtype function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges...

9CVSS
Exploits0References2
CVE
CVE
added 8 hours ago7 views

CVE-2024-58366

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges...

9CVSS5.6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 8 hours ago4 views

CVE-2024-58366

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throwtype function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges...

9CVSS5.6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2024-55682

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throwtype function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges...

9CVSS5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 21 hours ago4 views

PT-2026-60946

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges...

9CVSS5.6AI score
Exploits0References3
OSV
OSV
added 2024/02/21 12:4 a.m.9 views

GHSA-Q3GG-M8HR-H4X4 Externally Controlled Format String in Scripting Functions

The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throwtype takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...

8.5CVSS8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/02/21 12:4 a.m.12 views

Externally Controlled Format String in Scripting Functions

The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throwtype takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...

8AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.3 views

PT-2024-40418 · Quickjs +1 · Quickjs +1

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.1.1 rquickjs crate versions prior to 0.4.2 Description: The issue arises from the rquickjs crate used by SurrealDB, which executes scripting functions. The Exception::throw type function in rquickjs takes a strin...

8.5CVSS7.5AI score
Exploits0References5
Rows per page
Query Builder