Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
🦀 crates.io

GHSA-5q9x-554g-9jgg

SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)

Published
Apr 11, 2025
Updated
Apr 11, 2025
Affected
3 pkgs
Patched
3 / 3
Exploits
None indexed

Blast Radius

3 pkgs affected
🦀surrealdb🦀surrealdb🦀surrealdb

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects crates.io packages — download data is not available via public APIs for these ecosystems.

Description

SurrealDB offers http functions that can access external network endpoints. A typical, albeit not recommended configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, surreal start --allow-net --deny-net 10.0.0.0/8 will allow all network connections except to the 10.0.0.0/8 block.

An authenticated user of SurrealDB can use redirects to bypass this restriction. For example by hosting a server on the public internet which redirects to the IP addresses blocked by the administrator of the SurrealDB server via HTTP 301 or 307 response codes.

When sending SurrealDB statements containing the http::* functions to the attacker controlled host, the SurrealDB server will follow the redirects to the blocked IP address. Because the statements also return the responses to the attacker, this issue constitutes a full SSRF vulnerability.

This issue was discovered and patched during an code audit and penetration test of SurrealDB by cure53, the severity as defined within cure53's preliminary finding is Medium, matched by our CVSS v4 assessment.

Impact

The impact of this vulnerability is circumvention of the --deny-net capability and resulting impact on systems external to SurrealDB. The ultimate impact is dependent on the deployment scenario.

For example, if the SurrealDB server blocks requests to internal and private IP addresses because they run services which don't require authentication, such as AWS deployments using IMDSv1, the attacker can access these internal endpoints directly, and potentially retrieve or even alter sensitive information and credentials.

The circumvention could also be used to redirect traffic to the SurrealDB port, providing a low level of impact to availability.

Patches

A patch has been created that adds an HTTP redirect limit, and checks HTTP redirects against allowed network targets, preventing redirections to disallowed uri's.

  • Versions 2.0.5, 2.1.5, 2.2.2 and later are not affected by this issue.

Workarounds

The possibility of this vulnerability being exploited can be reduced by following an allowlist approach to enabling the http capability surreal start --allow-net 10.0.0.0/8 or using the equivalent SURREAL_CAPS_ALLOW_NET environment variable, where endpoints allowed are fully trusted and are not controlled by regular users.

The network access capability can be disabled, using --deny-net or the equivalent SURREAL_CAPS_DENY_NET environment variable without specifying targets, with impact to SurrealDB functionality.

As the impact of this vulnerability depends on the security of the deployment environment of SurrealDB, best practices should be followed within that environment.

References

#5597 SurrealDB Documentation - Environment Variables SurrealDB Documentation - Capabilities SurrealDB Documentation - Network Access Capability

Affected Packages

3 total 3 fixed
EcosystemPackageVulnerable rangeFix
🦀crates.iosurrealdb2.2.0&&< 2.2.22.2.2
🦀crates.iosurrealdb2.1.0&&< 2.1.52.1.5
🦀crates.iosurrealdball versions2.0.5

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for surrealdb. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update surrealdb to 2.2.2 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-5q9x-554g-9jgg is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-5q9x-554g-9jgg is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-5q9x-554g-9jgg. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

SurrealDB offers http functions that can access external network endpoints. A typical, albeit [not recommended ](https://surrealdb.com/docs/surrealdb/reference-guide/security-best-practices#example-deny-all-capabilities-with-some-exceptions) configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, `surreal start --allow-net --deny-net 10.0.0.0/8` will allow all network connections except to the 10.0.0.0/8 block. An authenticated user of SurrealDB can use redirects to bypass this restriction. For example by hosting a server
O3 Security · Impact-Aware SCA

Is GHSA-5q9x-554g-9jgg in your dependencies?

O3 detects GHSA-5q9x-554g-9jgg across crates.io dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works