Upgrade surrealdb to version 3.1.0-beta.1 or higher.
Affected versions of this package are vulnerable to Uncontrolled Recursion in the parse_concrete_kind process. An attacker can cause the server to exhaust memory and crash by submitting queries with deeply nested type annotations through the WebSocket endpoint. This is only exploitable if the attacker is authenticated and has privileges to execute arbitrary queries via WebSocket /rpc.
This vulnerability can be mitigated by restricting untrusted users from executing arbitrary queries using the --deny-arbitrary-query capability flag or by disabling untrusted access to the WebSocket /rpc endpoint.
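The defensive pattern behind this class of bug is a parser that bounds its own recursion depth. As an added example (not SurrealDB's code, and not its `parse_concrete_kind` implementation), the Rust below parses a small, made-up grammar of nested type annotations such as `array<option<int>>` with a recursive-descent parser that refuses input once nesting exceeds a fixed `MAX_DEPTH`, so a deeply nested annotation yields an error instead of unbounded stack and memory growth. The grammar, type names and the depth limit of 32 are all assumptions chosen for illustration.

```rust
// Added example: depth-bounded recursive-descent parser for a toy grammar of
// nested type annotations (assumed grammar, not SurrealDB's real one).
//
//   kind := IDENT | ("array" | "option") "<" kind ">"

#[derive(Debug, PartialEq)]
pub enum Kind {
    Scalar(String),
    Array(Box<Kind>),
    Option(Box<Kind>),
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Nesting exceeded the configured bound; the parser stopped early.
    TooDeep { max_depth: usize },
    /// Unexpected text at the given position (first few chars shown).
    Unexpected(String),
}

/// Assumed bound: a limit like this is the mitigation for uncontrolled
/// recursion. Each nesting level costs one stack frame, so the limit caps
/// stack use regardless of how long the input is.
pub const MAX_DEPTH: usize = 32;

/// Parse a complete annotation; trailing garbage is an error.
pub fn parse_kind(input: &str) -> Result<Kind, ParseError> {
    let mut p = Parser { src: input.trim(), pos: 0 };
    let kind = p.kind(0)?;
    if p.pos != p.src.len() {
        return Err(ParseError::Unexpected(p.src[p.pos..].chars().take(8).collect()));
    }
    Ok(kind)
}

/// Depth of the parsed tree (1 for a bare scalar), useful for auditing.
pub fn nesting_depth(kind: &Kind) -> usize {
    match kind {
        Kind::Scalar(_) => 1,
        Kind::Array(inner) | Kind::Option(inner) => 1 + nesting_depth(inner),
    }
}

struct Parser<'a> {
    src: &'a str,
    pos: usize,
}

impl<'a> Parser<'a> {
    // `depth` is passed explicitly so the bound is checked before every
    // recursive call, not after the stack has already been consumed.
    fn kind(&mut self, depth: usize) -> Result<Kind, ParseError> {
        if depth >= MAX_DEPTH {
            return Err(ParseError::TooDeep { max_depth: MAX_DEPTH });
        }
        let name = self.ident()?;
        match name.as_str() {
            "array" | "option" => {
                self.expect('<')?;
                let inner = self.kind(depth + 1)?;
                self.expect('>')?;
                Ok(if name == "array" {
                    Kind::Array(Box::new(inner))
                } else {
                    Kind::Option(Box::new(inner))
                })
            }
            _ => Ok(Kind::Scalar(name)),
        }
    }

    // Identifiers are ASCII [A-Za-z0-9_], so char count equals byte length.
    fn ident(&mut self) -> Result<String, ParseError> {
        let rest = &self.src[self.pos..];
        let len = rest
            .chars()
            .take_while(|c| c.is_ascii_alphanumeric() || *c == '_')
            .count();
        if len == 0 {
            return Err(ParseError::Unexpected(rest.chars().take(8).collect()));
        }
        self.pos += len;
        Ok(rest[..len].to_string())
    }

    fn expect(&mut self, c: char) -> Result<(), ParseError> {
        let rest = &self.src[self.pos..];
        if rest.starts_with(c) {
            self.pos += c.len_utf8();
            Ok(())
        } else {
            Err(ParseError::Unexpected(rest.chars().take(8).collect()))
        }
    }
}

fn main() {
    // Constructed inputs: one ordinary annotation and one nested far past the bound.
    println!("{:?}", parse_kind("array<option<int>>"));
    let hostile = format!("{}int{}", "array<".repeat(200), ">".repeat(200));
    println!("{:?}", parse_kind(&hostile));
}
```

The important detail is that the check runs at the top of `kind` before any further recursion, and the error is returned to the caller rather than panicking, so a request carrying such an annotation fails cleanly while the process keeps serving other clients. The same shape applies to any recursive parser (JSON, query ASTs, type expressions): thread a depth counter through the recursion and reject early.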