GHSA-m52v-24p8-654f: SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Sorting table records using an ORDER BY clause with the rand() function as the sorting mechanism could cause a panic, because the sort relied on a comparison function that did not implement a total order. This resulted in a panic due to a recent change in Rust 1.81.
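The following Rust sketch is an added example, not SurrealDB's code or its fix. It shows why a comparator driven by a random source cannot satisfy a total order (which sorts in Rust 1.81 and later may detect and panic on), next to a safe pattern that draws one random key per record and sorts on that fixed key. The names `XorShift`, `random_cmp`, `antisymmetry_violations` and `random_order` are hypothetical, and the data is constructed.

```rust
use std::cmp::Ordering;

// Tiny deterministic xorshift64 generator so the example needs no external crate.
// The seed must be non-zero.
struct XorShift(u64);
impl XorShift {
    fn next_u64(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0
    }
}

// Comparator of the kind the advisory describes: the result ignores the operands
// and comes from the random source, so repeated comparisons can contradict each other.
fn random_cmp(rng: &mut XorShift) -> Ordering {
    match rng.next_u64() % 3 {
        0 => Ordering::Less,
        1 => Ordering::Equal,
        _ => Ordering::Greater,
    }
}

// Counts how often cmp(a, b) disagrees with cmp(b, a).reverse().
// A total order requires this count to be zero (antisymmetry).
fn antisymmetry_violations(trials: usize, seed: u64) -> usize {
    let mut rng = XorShift(seed);
    (0..trials)
        .filter(|_| {
            let ab = random_cmp(&mut rng);
            let ba = random_cmp(&mut rng);
            ab != ba.reverse()
        })
        .count()
}

// Safe pattern: assign each record one random key up front, then sort on it.
// (u64 key, original index) pairs are totally ordered, so the sort cannot panic.
fn random_order<T>(items: Vec<T>, seed: u64) -> Vec<T> {
    let mut rng = XorShift(seed);
    let mut keyed: Vec<(u64, usize, T)> = Vec::with_capacity(items.len());
    for (i, v) in items.into_iter().enumerate() {
        keyed.push((rng.next_u64(), i, v));
    }
    keyed.sort_by_key(|k| (k.0, k.1));
    keyed.into_iter().map(|(_, _, v)| v).collect()
}
```
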
References
- github.com/advisories/GHSA-m52v-24p8-654f
- github.com/surrealdb/surrealdb
- github.com/surrealdb/surrealdb/issues/4969
- github.com/surrealdb/surrealdb/pull/4805
- github.com/surrealdb/surrealdb/pull/4906
- github.com/surrealdb/surrealdb/pull/4989
- github.com/surrealdb/surrealdb/security/advisories/GHSA-m52v-24p8-654f