CVE-2024-58366
HIGH
8.5
CVSS 3.1
Description
SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges.
Metadata
Severity & Metrics
8.5
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| surrealdb | surrealdb | — | 0 < 1.1.1, 1.1.1 |
| surrealdb | surrealdb | — | 0 < 0.4.2, 0.4.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-134 | cna | Use of Externally-Controlled Format String |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.0 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 8.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
References (2)
- GitHub Security Advisory (GHSA-q3gg-m8hr-h4x4) https://github.com/surrealdb/surrealdb/security/advisories/GHSA-q3gg-m8hr-h4x4
- VulnCheck Advisory: SurrealDB before 1.1.1 Format String via Scripting Functions https://www.vulncheck.com/advisories/surrealdb-before-format-string-via-scripting-functions