GHSA-h4f5-h82v-5w4r: SurrealDB has an Uncaught Exception in Function Generating Random Time

November 22, 2024

The rand::time() function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of timestamp_opt from the chrono crate, this function could potentially return None in some instances, leading to a panic when unwrap was called on its result in order to return a SurrealQL datetime type to the caller of the function.

References

github.com/advisories/GHSA-h4f5-h82v-5w4r
github.com/surrealdb/surrealdb
github.com/surrealdb/surrealdb/pull/5126
github.com/surrealdb/surrealdb/security/advisories/GHSA-h4f5-h82v-5w4r

Detect and mitigate GHSA-h4f5-h82v-5w4r with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →