Back to CVE List

CVE-2024-58361

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Description

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-248
Source
NVD
Vendor
surrealdb
Product
surrealdb

External References

Discussion (0)

Add Comment

No comments yet. Be the first!