SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter — GHSA-CC8F-FCX3-GPJR
GitHub · GitHub · GHSA-CC8F-FCX3-GPJR
ID
GHSA-CC8F-FCX3-GPJR
GHSA-CC8F-FCX3-GPJR
Date
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
high
high
CVSS
7.7
7.7
Summary
SurrealDB's full-text search lets you define a text analyzer whose `mapper` filter loads a term-mapping file from disk (`DEFINE ANALYZER ... FILTERS mapper('<path>')`). A database user with the `EDITOR` or `OWNER` role could point that filter at any file the SurrealDB process can read and have its content returned in the query's error message. File access is meant to be restricted by the `SURREAL_FILE_ALLOWLIST`…
Product
rust: surrealdb
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.