Summary
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
SurrealDB offers http functions that can access external network endpoints. A typical, albeit not recommended configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, surreal start --allow-net --deny-net 10.0.0.0/8 will allow all network connections except to the 10.0.0.0/8 block.
An authenticated user of SurrealDB can use redirects to bypass this restriction. For example by hosting a server on the public internet which redirects to the IP addresses blocked by the administrator of the SurrealDB server via HTTP 301 or 307 response codes.
When sending SurrealDB statements containing the http::* functions to the attacker controlled host, the SurrealDB server will follow the redirects to the blocked IP address. Because the statements also return the responses to the attacker, this issue constitutes a full SSRF vulnerability.
This issue was discovered and patched during an code audit and penetration test of SurrealDB by cure53, the severity as defined within cure53's preliminary finding is Medium, matched by our CVSS v4 assessment.
Workarounds
The possibility of this vulnerability being exploited can be reduced by following an allowlist approach to enabling the http capability surreal start --allow-net 10.0.0.0/8 or using the equivalent SURREAL_CAPS_ALLOW_NET environment variable, where endpoints allowed are fully trusted and are not controlled by regular users.
The network access capability can be disabled, using --deny-net or the equivalent SURREAL_CAPS_DENY_NET environment variable without specifying targets, with impact to SurrealDB functionality.
As the impact of this vulnerability depends on the security of the deployment environment of SurrealDB, best practices should be followed within that environment.
References
#5597
SurrealDB Documentation - Environment Variables
SurrealDB Documentation - Capabilities
SurrealDB Documentation - Network Access Capability
Impact
The impact of this vulnerability is circumvention of the --deny-net capability and resulting impact on systems external to SurrealDB. The ultimate impact is dependent on the deployment scenario.
For example, if the SurrealDB server blocks requests to internal and private IP addresses because they run services which don't require authentication, such as AWS deployments using IMDSv1, the attacker can access these internal endpoints directly, and potentially retrieve or even alter sensitive information and credentials.
The circumvention could also be used to redirect traffic to the SurrealDB port, providing a low level of impact to availability.
Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside. Typical impact: access to internal metadata services, internal APIs, or cloud credentials.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
A patch has been created that adds an HTTP redirect limit, and checks HTTP redirects against allowed network targets, preventing redirections to disallowed uri's.
- Versions 2.0.5, 2.1.5, 2.2.2 and later are not affected by this issue.
Frequently Asked Questions
- What is GHSA-5Q9X-554G-9JGG? GHSA-5Q9X-554G-9JGG is a medium-severity server-side request forgery (SSRF) vulnerability in surrealdb (rust), affecting versions >= 2.2.0, < 2.2.2. It is fixed in 2.2.2, 2.1.5, 2.0.5. Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside.
- Which versions of surrealdb are affected by GHSA-5Q9X-554G-9JGG? surrealdb (rust) versions >= 2.2.0, < 2.2.2 is affected.
- Is there a fix for GHSA-5Q9X-554G-9JGG? Yes. GHSA-5Q9X-554G-9JGG is fixed in 2.2.2, 2.1.5, 2.0.5. Upgrade to this version or later.
- Is GHSA-5Q9X-554G-9JGG exploitable, and should I be worried? Whether GHSA-5Q9X-554G-9JGG is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether GHSA-5Q9X-554G-9JGG is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-5Q9X-554G-9JGG?
- Upgrade
surrealdbto 2.2.2 or later - Upgrade
surrealdbto 2.1.5 or later - Upgrade
surrealdbto 2.0.5 or later
- Upgrade