CVE-2024-58361

CVE-2024-58361CVE-2024-58361

Description

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Last modified2026-07-18
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.