Headline

GHSA-xx68-37v4-4596: SiYuan has an arbitrary file read via /api/template/render

Summary

An arbitrary file read vulnerability exists in Siyuan’s /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system.

Impact

Arbitrary file read on the host

30 days ago

ghsa

Open in Source

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
CVE-2024-55657

SiYuan has an arbitrary file read via /api/template/render

High severity GitHub Reviewed Published Dec 11, 2024 in siyuan-note/siyuan • Updated Dec 11, 2024

Package

gomod github.com/siyuan-note/siyuan/kernel (Go)

Affected versions

<= 0.0.0-20241210012039-5129ad926a21

Summary

Impact

Arbitrary file read on the host

References

GHSA-xx68-37v4-4596
siyuan-note/siyuan@e70ed57

Published to the GitHub Advisory Database

Dec 11, 2024

Last updated

Dec 11, 2024

ghsa: Latest News

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

1 day ago

ghsa

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

1 day ago

ghsa

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

1 day ago

ghsa

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

1 day ago

ghsa

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

1 day ago

ghsa