PT-2024-40311 · Surrealdb · Surrealdb

Published: 2024-11-22 · Updated: 2024-11-22

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0

Description: The issue arises from the rand::time() function in SurrealQL, which can return None; when unwrap is called on that value the server panics, resulting in a denial of service. An authorized client can make repeated calls to rand::time() to trigger the panic and crash the server.

Recommendations: For versions prior to 2.1.0, consider limiting the ability of untrusted clients to run the rand::time() function using security capabilities to minimize the impact of the denial of service. Additionally, ensure that the SurrealDB process is configured to automatically restart after a crash. At the moment, there is no information about other mitigation measures for this vulnerability.

Fix

Weakness Enumeration

Related Identifiers

GHSA-H4F5-H82V-5W4R

Affected Products

Surrealdb