GHSA-jm4v-58r5-66hj: Uncaught Exception in surrealdb

January 18, 2024

Although custom parameters and functions are only supported at the database level, it was allowed to invoke those entities at the root or namespace level. This would cause a panic which would crash the SurrealDB server, leading to denial of service.

References

github.com/advisories/GHSA-jm4v-58r5-66hj
github.com/surrealdb/surrealdb
github.com/surrealdb/surrealdb/commit/618a4d1b422df0d12772532bb2c195f830b40399
github.com/surrealdb/surrealdb/security/advisories/GHSA-jm4v-58r5-66hj

Code Behaviors & Features

Detect and mitigate GHSA-jm4v-58r5-66hj with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →