Name of the Vulnerable Software and Affected Versions SurrealDB versions prior to 1.1.1

Description The issue allows authorized clients to invoke custom parameters and functions at the root or namespace level, causing a panic that crashes the SurrealDB server, leading to denial of service. This can be exploited by running a query that invokes a parameter or a function at the root or namespace level.

Recommendations For versions prior to 1.1.1, limit the ability of untrusted users to run arbitrary SurrealQL queries to the database level to minimize the impact of the denial of service. Additionally, ensure that the SurrealDB process is configured to automatically restart after a crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability, however, it is mentioned that version 1.1.1 and later are not affected by this issue.