Surrealdb · Surrealdb · CVE-2024-58356
**Name of the Vulnerable Software and Affected Versions**
SurrealDB versions prior to 2.1.4
**Description**
An issue exists where the system silently fails to overwrite table definitions when the `DEFINE TABLE ... OVERWRITE` clause is applied to tables defined with `TYPE RELATION`. Since table definitions incorporate the `PERMISSIONS` clause, attempts to restrict access by tightening permissions via the overwrite process are not executed. This may lead administrators to believe security changes were applied while authorized clients maintain access to data that should have been restricted.
**Recommendations**
Update SurrealDB to version 2.1.4 or later.