Surrealdb · Surrealdb · CVE-2023-54366
**Name of the Vulnerable Software and Affected Versions**
SurrealDB versions prior to 1.0.1
**Description**
Default table permissions are set to FULL instead of NONE, which allows SELECT, CREATE, UPDATE, and DELETE operations on tables that lack explicit permissions. This allows attackers with database access or unauthenticated users on publicly exposed instances to perform unrestricted operations on unprotected tables within their authorization scope.
**Recommendations**
Update SurrealDB to version 1.0.1 or later.