PT-2024-40418 · Quickjs+1

Published: 2024-02-21 · Updated: 2024-02-21

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SurrealDB versions prior to 1.1.1
rquickjs crate versions prior to 0.4.2
Description

The issue arises in the rquickjs crate, which SurrealDB uses to execute scripting functions. The Exception::throw_type function in rquickjs takes a message string and returns an error object. In versions prior to 0.4.2 that string is passed directly to a printf-style formatter as the format argument, so any conversion specifier in the message (for example %s or %d) is interpreted rather than copied as text, which is undefined behaviour. An attacker who is permitted to execute scripting functions and controls the message text can use this to read arbitrary process memory and potentially to execute arbitrary code with the privileges of the SurrealDB process.
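The format-string mistake described above, reduced to a stand-alone C program. This is an added example written for this page, not code from rquickjs, QuickJS or SurrealDB: js_context, js_throw_type_error, throw_type_vulnerable and throw_type_fixed are assumed stand-ins that model a printf-style throw helper such as QuickJS's JS_ThrowTypeError. The sample message is constructed and deliberately contains only the "%%" escape, so the vulnerable path can be run without undefined behaviour while still showing that the message is interpreted as a format rather than stored as text:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for a QuickJS-style context. The real printf-style throw
   helpers format into an exception object; here the formatted message is kept
   in the context so it can be inspected. */
typedef struct {
    char last_message[256];
} js_context;

/* Assumed stand-in for a printf-style throw helper (like JS_ThrowTypeError):
   formats fmt and the variadic arguments into ctx->last_message. */
static void js_throw_type_error(js_context *ctx, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(ctx->last_message, sizeof ctx->last_message, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern, modelled on the pre-0.4.2 behaviour: the caller-supplied
   message becomes the format string. Every '%' conversion in it is honoured by
   vsnprintf with no matching argument, so %s/%x read whatever sits in the
   argument registers or on the stack and %n writes there: undefined behaviour. */
static const char *throw_type_vulnerable(js_context *ctx, const char *msg)
{
    js_throw_type_error(ctx, msg);
    return ctx->last_message;
}

/* Fixed pattern: a constant format; the message is only ever passed as data. */
static const char *throw_type_fixed(js_context *ctx, const char *msg)
{
    js_throw_type_error(ctx, "%s", msg);
    return ctx->last_message;
}

/* Returns 1 if msg contains a '%' that vsnprintf would treat as a conversion,
   i.e. anything other than the literal escape "%%". An auditing/fuzzing aid
   for spotting attacker-influenced messages; not a substitute for the fix. */
int message_has_conversion(const char *msg)
{
    for (const char *p = msg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    js_context ctx = {{0}};
    /* Constructed sample: only "%%" escapes, so the vulnerable path is safe to run. */
    const char *msg = "100%% of %%s";
    printf("fixed     : %s\n", throw_type_fixed(&ctx, msg));       /* 100%% of %%s */
    printf("vulnerable: %s\n", throw_type_vulnerable(&ctx, msg));  /* 100% of %s  */
    printf("has conversion: %d\n", message_has_conversion("value %s is bad"));
    return 0;
}
```

The two outputs differ only because the vulnerable path parses the message as a format. With a real attacker string such as "%x %x %x %s" the same call would dereference stack contents instead. Marking js_throw_type_error with `__attribute__((format(printf, 2, 3)))` and compiling with `-Wformat-security` makes gcc and clang flag the non-literal format at the throw_type_vulnerable call site, which is the cheapest way to find this class of bug in an FFI wrapper.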
Recommendations

For SurrealDB versions prior to 1.1.1, update to version 1.1.1 or later. For rquickjs crate versions prior to 0.4.2, update to version 0.4.2 or later. As a temporary workaround, remove the scripting capability by starting the server with --deny-scripting (or the equivalent environment variable SURREAL_CAPS_DENY_SCRIPT=true), or restrict network access to trusted users.

Related Identifiers

GHSA-Q3GG-M8HR-H4X4

Affected Products

SurrealDB
rquickjs