CVE-2024-58359
MEDIUM
NVD
CVSS Score
6.5
Severity
MEDIUM
Published
Jul 18, 2026
Vendor
unknown
Description
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand() clause. Authorized clients can execute queries with ORDER BY rand() to trigger a panic in the sorting function, crashing the server.