Headline

GHSA-xx68-37v4-4596: SiYuan has an arbitrary file read via /api/template/render

Summary

An arbitrary file read vulnerability exists in Siyuan’s /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system.

Impact

Arbitrary file read on the host

7 hours ago

ghsa

Open in Source

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
CVE-2024-55657

SiYuan has an arbitrary file read via /api/template/render

High severity GitHub Reviewed Published Dec 11, 2024 in siyuan-note/siyuan • Updated Dec 11, 2024

Package

gomod github.com/siyuan-note/siyuan/kernel (Go)

Affected versions

<= 0.0.0-20241210012039-5129ad926a21

Summary

Impact

Arbitrary file read on the host

References

GHSA-xx68-37v4-4596
siyuan-note/siyuan@e70ed57

Published to the GitHub Advisory Database

Dec 11, 2024

Last updated

Dec 11, 2024

ghsa: Latest News

GHSA-v778-237x-gjrc: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

3 hours ago

ghsa

GHSA-753p-wrj5-g8fj: PQClean has a correctness error in HQC decapsulation

4 hours ago

ghsa

GHSA-xx68-37v4-4596: SiYuan has an arbitrary file read via /api/template/render

7 hours ago

ghsa

GHSA-25w9-wqfq-gwqx: SiYuan has an arbitrary file read and path traversal via /api/export/exportResources

7 hours ago

ghsa

GHSA-fqj6-whhx-47p7: SiYuan has an arbitrary file write in the host via /api/asset/upload

7 hours ago

ghsa