
GHSA-97vg-427p-8hx5: SurrealDB: Port-specific --deny-net rules silently bypassed on HTTP redirect

July 1, 2026

SurrealDB offers http::* functions that can access external network endpoints, with the --allow-net and --deny-net capabilities used to restrict the set of network targets that can be reached. An authenticated user of SurrealDB can bypass a port-scoped --deny-net <host>:<port> rule by chaining an HTTP redirect: the initial request goes to an --allow-net-permitted hostname, the response’s 3xx Location header points at the denied host:port, and the redirect is followed even though the destination was explicitly denied.

The root cause is in the redirect policy applied to outbound HTTP requests (surrealdb/core/src/fnc/util/http/mod.rs): the NetTarget for the redirect destination is built from url.host_str() alone and url.port() is dropped. The capability matcher (surrealdb/core/src/dbs/capabilities.rs:259-264) refuses to match a port-bearing rule against a port-stripped target (Self::Host(host, Some(port)) => match tgt { _ => false }), so the operator’s port-scoped deny rule silently does not fire on the redirect target.
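The following is an added illustration of the matching gap the advisory describes, written for this page and not taken from SurrealDB's code or from the referenced fix commit. The `NetTarget` type, the `matches` rule logic, the small URL splitter that stands in for `url::Url::host_str()`/`port()`, and the two target builders are assumptions; the policy (the whole host allowed, one port on it denied) and the redirect `Location` are constructed. It shows that dropping the port from the redirect target makes a port-scoped deny rule unmatchable, while carrying the port through lets the rule fire.

```rust
// Added example: a minimal reconstruction of the behaviour described in the
// advisory, not SurrealDB's own code. Names (NetTarget, matches,
// redirect_target_*) and the URL splitter are assumptions for illustration.

#[derive(Debug, Clone, PartialEq)]
enum NetTarget {
    // Hostname with an optional explicit port, mirroring a `<host>[:<port>]` rule.
    Host(String, Option<u16>),
}

impl NetTarget {
    // Parse a `host` or `host:port` rule string (assumed helper; IPv6 literals
    // are out of scope for this stand-in).
    fn parse(rule: &str) -> NetTarget {
        match rule.rsplit_once(':') {
            Some((host, port)) => match port.parse::<u16>() {
                Ok(p) => NetTarget::Host(host.to_string(), Some(p)),
                Err(_) => NetTarget::Host(rule.to_string(), None),
            },
            None => NetTarget::Host(rule.to_string(), None),
        }
    }

    // Does this rule (self) cover the target?
    // A port-less rule covers every port on the host; a port-bearing rule
    // covers only a target with the same host and port. A target with no port
    // information can never satisfy a port-bearing rule, which is the matcher
    // behaviour the advisory quotes.
    fn matches(&self, tgt: &NetTarget) -> bool {
        match (self, tgt) {
            (NetTarget::Host(h, None), NetTarget::Host(th, _)) => h == th,
            (NetTarget::Host(h, Some(p)), NetTarget::Host(th, Some(tp))) => h == th && p == tp,
            (NetTarget::Host(_, Some(_)), NetTarget::Host(_, None)) => false,
        }
    }
}

// Extract (host, explicit port) from an `http[s]://host[:port]/...` URL.
// Minimal stand-in for url::Url::host_str()/port(): like url::Url::port(),
// it yields None when no port is written in the URL.
fn host_and_port(url: &str) -> Option<(String, Option<u16>)> {
    let rest = url.strip_prefix("http://").or_else(|| url.strip_prefix("https://"))?;
    let authority = rest.split('/').next()?;
    let (host, port) = match authority.rsplit_once(':') {
        Some((h, p)) => (h, Some(p.parse::<u16>().ok()?)),
        None => (authority, None),
    };
    Some((host.to_string(), port))
}

// Vulnerable shape: the redirect target is built from the host only, so the
// port is lost before the capability check runs.
fn redirect_target_dropping_port(location: &str) -> Option<NetTarget> {
    let (host, _port) = host_and_port(location)?;
    Some(NetTarget::Host(host, None))
}

// Hardened shape (assumed, not the project's actual fix): keep the port so a
// port-scoped rule can match the redirect destination.
fn redirect_target_keeping_port(location: &str) -> Option<NetTarget> {
    let (host, port) = host_and_port(location)?;
    Some(NetTarget::Host(host, port))
}

// Deny wins over allow; otherwise the target must match some allow rule.
fn is_allowed(allow: &[NetTarget], deny: &[NetTarget], tgt: &NetTarget) -> bool {
    if deny.iter().any(|r| r.matches(tgt)) {
        return false;
    }
    allow.iter().any(|r| r.matches(tgt))
}

// Would a redirect to `location` be followed under this policy, given the
// target builder in use? An unparsable Location is treated as not followed.
fn redirect_followed(
    allow: &[NetTarget],
    deny: &[NetTarget],
    location: &str,
    build: fn(&str) -> Option<NetTarget>,
) -> bool {
    match build(location) {
        Some(tgt) => is_allowed(allow, deny, &tgt),
        None => false,
    }
}

fn main() {
    // Constructed policy: the host is allowed, one port on it is denied.
    let allow = vec![NetTarget::parse("internal.example")];
    let deny = vec![NetTarget::parse("internal.example:9200")];
    let location = "http://internal.example:9200/";
    println!(
        "port dropped: followed = {}",
        redirect_followed(&allow, &deny, location, redirect_target_dropping_port)
    );
    println!(
        "port kept:    followed = {}",
        redirect_followed(&allow, &deny, location, redirect_target_keeping_port)
    );
}
```

With the port-dropping builder the denied `internal.example:9200` target is reduced to `internal.example`, the deny rule's `Some(port)` arm cannot match it, and the allow rule for the bare host lets the redirect through; with the port retained the deny rule matches and the redirect is refused. When reviewing capability checks of this kind, the thing to verify is that every code path that constructs a target (initial request, redirect hop, proxy) carries exactly the fields the rules can be scoped on.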

References

  • github.com/advisories/GHSA-97vg-427p-8hx5
  • github.com/surrealdb/surrealdb/commit/ceb1ca3a1
  • github.com/surrealdb/surrealdb/security/advisories/GHSA-97vg-427p-8hx5


Affected versions

All versions before 3.1.0

Fixed versions

  • 3.1.0

Solution

Upgrade to version 3.1.0 or above.

Impact

6.4 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Weakness

  • CWE-918: Server-Side Request Forgery (SSRF)

Source file

cargo/surrealdb/GHSA-97vg-427p-8hx5.yml


Page generated Thu, 02 Jul 2026 12:22:15 +0000.