Upgrade surrealdb to version 3.1.0-beta.3 or higher.
Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the LIVE query registration process. An attacker can disrupt all CREATE, UPDATE, and DELETE operations on a watched table by registering a specially crafted LIVE query with a WHERE clause that triggers an evaluation error, causing write operations to fail for all users, including those with elevated privileges, until the malicious query is removed or the session ends.
This vulnerability can be mitigated by restricting the ability of untrusted users to register LIVE queries: either remove the select permission on tables that should remain writeable, or gate LIVE registration at the application layer.
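One way to gate LIVE registration at the application layer, as an added example that is not code from this advisory or from SurrealDB. It assumes untrusted clients reach the database only through a proxy that sees each RPC request as a `{"method", "params"}` object; the role names and the `orders` table are hypothetical.

```python
import re

# Assumptions (not from the advisory): clients reach SurrealDB only through this
# proxy, requests look like {"method": ..., "params": [...]}, and the role names
# and the `orders` table are hypothetical.
TRUSTED_ROLES = {"service"}
# Deny by default: the `live` RPC method is deliberately absent from this list.
UNTRUSTED_METHODS = {"select", "create", "update", "delete", "query", "ping"}

# The bare word LIVE, not part of a longer identifier such as `delivered`.
_LIVE_WORD = re.compile(r"(?<![A-Za-z0-9_])live(?![A-Za-z0-9_])", re.IGNORECASE)


def contains_live_keyword(sql: str) -> bool:
    """Coarse on purpose: also flags LIVE inside strings and comments.

    A false positive only rejects a request; a miss would let an untrusted
    session register a LIVE query, so no attempt is made to parse SurrealQL.
    """
    return bool(_LIVE_WORD.search(sql))


def gate(request: dict, role: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one RPC request from a session with `role`."""
    if role in TRUSTED_ROLES:
        return True, "trusted role"
    method = str(request.get("method", "")).lower()
    if method not in UNTRUSTED_METHODS:
        return False, f"method {method!r} is not allowed for untrusted sessions"
    if method == "query":
        params = request.get("params")
        if not isinstance(params, list) or not params or not isinstance(params[0], str):
            return False, "query text missing or not a string"
        if contains_live_keyword(params[0]):
            return False, "LIVE statements are not allowed for untrusted sessions"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ({"method": "live", "params": ["orders"]}, "record_user"),
        ({"method": "query", "params": ["LIVE SELECT * FROM orders"]}, "record_user"),
        ({"method": "query", "params": ["SELECT * FROM orders WHERE delivered = true"]}, "record_user"),
        ({"method": "query", "params": ["LIVE SELECT * FROM orders"]}, "service"),
    ]
    for req, role in samples:
        print(role, req["method"], gate(req, role))
```

The gate only helps if untrusted sessions have no other path to the database; log each denial so repeated LIVE attempts from one session are visible.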