Back to CVE List

CVE-2024-58366

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.5 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Description

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-134
Source
NVD
Vendor
surrealdb
Product
surrealdb

External References

Discussion (0)

Add Comment

No comments yet. Be the first!