GHSA-m24x-r6q3-2vp9: Uncaught Exception processing HTTP Headers in SurrealDB

January 18, 2024

The ID, DB and NS headers accepted by the SurrealDB HTTP REST API would fail to parse when containing some special characters. This would cause a panic which would crash the SurrealDB server, leading to denial of service.

This issue only affects the SurrealDB binary; it does not affect the SurrealDB library.

References

github.com/advisories/GHSA-m24x-r6q3-2vp9
github.com/surrealdb/surrealdb
github.com/surrealdb/surrealdb/commit/a70ddb2e2aed2453730b81781e426486247609cb
github.com/surrealdb/surrealdb/pull/2985
github.com/surrealdb/surrealdb/security/advisories/GHSA-m24x-r6q3-2vp9

Detect and mitigate GHSA-m24x-r6q3-2vp9 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →