Vendor
SurrealDB HTTP /rpc Session Hijack Vulnerability
5 TTPsA critical vulnerability (versions prior to 3.1.0) in SurrealDB's HTTP /rpc endpoint allowed unauthenticated attackers to enumerate session UUIDs via the `sessions` method, enabling full session hijack of any attached and authenticated session due to a lack of ownership checks, leading to unauthorized data manipulation and privilege escalation.
SurrealDB HTTP RPC Session Race Condition Allows Privilege Escalation
1 TTPAn unauthenticated time-of-check/time-of-use (TOCTOU) race condition exists in the HTTP /rpc endpoint of SurrealDB versions prior to 3.1.0, allowing an attacker to inherit the session and privileges of an authenticated user by sending concurrent requests, potentially leading to full control over the database if a highly privileged session is hijacked.
SurrealDB Denial of Service Vulnerability via JSON Parser (GHSA-q729-696q-g9pq)
1 TTPAn unauthenticated remote attacker can exploit a Denial of Service vulnerability (GHSA-q729-696q-g9pq) in SurrealDB's value and JSON parser, which failed to enforce recursion depth limits when processing deeply nested JSON payloads sent to the WebSocket /rpc endpoint, leading to server memory exhaustion and process crashes.