Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2024-58358
6.9MEDIUM
What is CVE-2024-58358?
SurrealDB versions prior to 2.1.0 are susceptible to a denial of service attack stemming from role conversion issues. Privileged owner users can create users assigned with roles that do not exist. If an attacker gains access and signs in using such an invalid role, it can result in an uncaught panic, consequently crashing the server. This vulnerability emphasizes the importance of role management and validation processes in ensuring system stability.
Affected Version(s)
surrealdb 0 < 2.1.0
surrealdb 0 < 2.1.0
surrealdb 2.1.0
