Product
A high-severity format string vulnerability, CVE-2024-58366, exists in SurrealDB versions before 1.1.1 within the `rquickjs Exception::throw_type` function, allowing attackers with scripting privileges to achieve arbitrary memory reading or remote code execution with SurrealDB process privileges by injecting malicious format string sequences into error inputs.