Upgrade surrealdb to version 1.5.5, 2.0.0-beta.3 or higher.
Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) via the SIGNIN and SIGNUP operations in the RPC API. An attacker can manipulate the database operations to select, create, update, and delete non-IAM resources with elevated permissions by providing a specially crafted binary object containing a subquery instead of valid credentials. This is only exploitable if a record access method was defined with SIGNIN or SIGNUP queries and the SurrealDB RPC API was exposed to untrusted users.
This vulnerability can be mitigated by preventing the affected binary serialization formats from reaching the SurrealDB RPC API, most conservatively by allowing only requests to the /rpc endpoint of the SurrealDB HTTP server that carry the application/json content type. Alternatively, record access methods that define SIGNIN and SIGNUP clauses may be temporarily removed to completely prevent potential attacks leveraging this issue.
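The content-type allowlist described above, expressed as a filter a reverse proxy or middleware could apply before forwarding to the SurrealDB HTTP server. This is an added illustration, not SurrealDB project code or Snyk's: the function names, the sample requests and the non-JSON content type in them are constructed for this example, and the advisory does not name the binary formats involved. Treating WebSocket upgrade requests to /rpc as out of scope (and therefore refused) is this example's conservative reading of "only application/json requests", not something the advisory spells out.

```python
"""Allowlist filter for a SurrealDB /rpc endpoint: pass only application/json.

Added example (not SurrealDB or Snyk code). Models the advisory's workaround as a
pure decision function that a proxy or WSGI/ASGI middleware would call before
forwarding a request upstream. Names and sample data are constructed.
"""
from __future__ import annotations

from typing import Mapping

# Only requests to this path are subject to the allowlist; the advisory's
# workaround targets the RPC endpoint specifically.
RPC_PATH = "/rpc"
ALLOWED_MEDIA_TYPE = "application/json"


def media_type(content_type: str | None) -> str:
    """Return the bare, lowercased media type of a Content-Type header value.

    Parameters such as '; charset=utf-8' are dropped so that
    'Application/JSON; charset=utf-8' compares equal to 'application/json'.
    A missing or empty header yields '' (which never matches the allowlist).
    """
    if not content_type:
        return ""
    return content_type.split(";", 1)[0].strip().lower()


def is_rpc_request_allowed(method: str, path: str, headers: Mapping[str, str]) -> bool:
    """Decide whether a request may be forwarded to the SurrealDB HTTP server.

    Requests outside /rpc are not this filter's concern and pass through.
    Requests to /rpc pass only when they are plain HTTP POSTs whose Content-Type
    is application/json. Any other media type (including the binary formats the
    advisory refers to), a missing Content-Type, a non-POST method, or a
    WebSocket upgrade is refused.
    """
    # Header names are case-insensitive; normalise once.
    h = {k.lower(): v for k, v in headers.items()}

    # Ignore the query string and a trailing slash when matching the path.
    if path.split("?", 1)[0].rstrip("/") != RPC_PATH:
        return True

    if method.upper() != "POST":
        return False

    # A WebSocket handshake carries no JSON body; under a strict allowlist
    # (assumption of this example) it is refused as well.
    wants_upgrade = "upgrade" in h.get("connection", "").lower()
    if wants_upgrade or h.get("upgrade", "").lower() == "websocket":
        return False

    return media_type(h.get("content-type")) == ALLOWED_MEDIA_TYPE


# Constructed sample requests: (method, path, headers).
SAMPLE_REQUESTS = [
    ("POST", "/rpc", {"Content-Type": "application/json"}),
    ("POST", "/rpc", {"Content-Type": "Application/JSON; charset=utf-8"}),
    ("POST", "/rpc", {"Content-Type": "application/cbor"}),  # constructed non-JSON type
    ("POST", "/rpc", {}),  # no Content-Type at all
    ("GET", "/rpc", {"Connection": "Upgrade", "Upgrade": "websocket"}),
    ("GET", "/health", {}),  # outside /rpc: not filtered here
]


def triage(requests=SAMPLE_REQUESTS) -> list[bool]:
    """Apply the filter to each sample request and return the allow/deny list."""
    return [is_rpc_request_allowed(m, p, h) for m, p, h in requests]


if __name__ == "__main__":
    for (m, p, h), ok in zip(SAMPLE_REQUESTS, triage()):
        ct = h.get("Content-Type", "-")
        print(f"{'ALLOW' if ok else 'DENY '} {m} {p} content-type={ct}")
```

The filter only helps if every route to the database passes through it: SurrealDB must not be reachable directly by untrusted clients, otherwise the binary formats simply bypass the proxy. It is a stopgap until the upgrade in the remediation line is applied.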