SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README
Description
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution against any user browsing the Bazaar by embedding XSS payloads in the package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: < 3.6.1
Patches
Vulnerability mechanics
Root cause
"Missing HTML sanitization of package metadata and README content in the Bazaar marketplace, combined with Electron's nodeIntegration setting, allows XSS to escalate to remote code execution."
Attack vector
An attacker publishes a malicious package to the SiYuan Bazaar marketplace with XSS payloads embedded in the package `displayName`, `description`, or `README.md` fields [ref_id=1]. When any user browses the Bazaar listing page, the metadata payload executes automatically (zero-click) because the template literal interpolation does not escape HTML [CWE-79]. If the user clicks to view the package README, the `renderREADME` function renders raw HTML without sanitization and the frontend assigns it to `innerHTML`, triggering a second XSS vector (one-click) [ref_id=1]. Because Electron runs with `nodeIntegration: true` and `contextIsolation: false`, the injected JavaScript can call `require('child_process').exec()` to execute arbitrary OS commands, achieving full remote code execution.
Affected code
The vulnerability spans three locations: metadata rendering in `app/src/config/bazaar.ts:275-277` where `displayName` and `description` are injected into HTML without escaping; the backend README renderer in `kernel/bazaar/package.go:635-645` which creates a Lute engine without calling `SetSanitize(true)`; and the frontend README display in `app/src/config/bazaar.ts:607` which assigns unsanitized HTML to `innerHTML`. The Electron configuration at `app/electron/main.js:422-426` enables `nodeIntegration: true`, which turns the XSS into full RCE.
What the fix does
The patch must address three gaps. First, user-controlled metadata (`displayName`, `description`) must be passed through an HTML-escape function before being interpolated into template literals in `bazaar.ts` [ref_id=1]. Second, the Lute engine instance in `package.go` must call `SetSanitize(true)` so that raw HTML embedded in markdown is stripped during the `Md2HTML` conversion, matching the behavior already used in the note renderer at `kernel/util/lute.go:81` [ref_id=1]. Third, as a long-term hardening measure, the Electron `webPreferences` should disable `nodeIntegration` and enable `contextIsolation` and `sandbox` to prevent XSS from escalating to RCE even if a sanitization bypass occurs.
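The following is an added illustration of the first and third gaps described above; it is not SiYuan's own code and is not taken from the advisory or its fix commits. The function names (escapeHtml, renderPackageCardSafe, isRendererHardened), the card markup, and the sample package object are assumptions made for the example; only the field names displayName and description and the Electron webPreferences keys come from the advisory.

```javascript
// Added example, not SiYuan code: escaping Bazaar metadata before it is
// interpolated into an HTML template literal, plus a check for the Electron
// webPreferences hardening the advisory recommends. Names are assumptions.

// Minimal HTML escaper covering the five characters that can break out of
// text content or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable shape (mirrors the advisory's description of bazaar.ts):
// user-controlled fields are interpolated raw, so they become live markup
// as soon as the string is assigned to innerHTML.
function renderPackageCardUnsafe(pkg) {
  return `<div class="card"><h3>${pkg.displayName}</h3><p>${pkg.description}</p></div>`;
}

// Hardened shape: every attacker-controlled field goes through escapeHtml
// before interpolation, so the template's own tags are the only tags left.
function renderPackageCardSafe(pkg) {
  return `<div class="card"><h3>${escapeHtml(pkg.displayName)}</h3><p>${escapeHtml(pkg.description)}</p></div>`;
}

// Regression check a reviewer or unit test can run over rendered output:
// true if any tag other than the template's fixed wrapper tags is present.
function containsForeignTag(html, allowedTags) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some(
    (t) => !allowedTags.includes(t.replace(/^<\/?/, "").toLowerCase())
  );
}

// Electron renderer settings: the weak configuration the advisory describes
// for affected versions beside the hardened one it recommends.
const weakWebPreferences = { nodeIntegration: true, contextIsolation: false };
const hardenedWebPreferences = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// A renderer is considered hardened only when all three settings are in the
// safe state; a missing key counts as unsafe rather than as a default.
function isRendererHardened(prefs) {
  return (
    prefs.nodeIntegration === false &&
    prefs.contextIsolation === true &&
    prefs.sandbox === true
  );
}

// Constructed sample package with a harmless marker payload in both fields.
const samplePackage = {
  displayName: "Dark Theme <script>alert(1)</script>",
  description: 'Nice "theme" & more <img src=x onerror="alert(1)">',
};

console.log("unsafe card leaks tags:",
  containsForeignTag(renderPackageCardUnsafe(samplePackage), ["div", "h3", "p"]));
console.log("safe card leaks tags:",
  containsForeignTag(renderPackageCardSafe(samplePackage), ["div", "h3", "p"]));
console.log("weak prefs hardened:", isRendererHardened(weakWebPreferences));
console.log("hardened prefs hardened:", isRendererHardened(hardenedWebPreferences));
```

The escape step addresses the zero-click listing vector only; the README path still needs the backend sanitizer (SetSanitize(true) in the Lute engine) because escaping there would destroy legitimate markdown-rendered HTML. The webPreferences check is the defence in depth: with nodeIntegration off and contextIsolation on, a sanitization bypass stays a browser-context XSS instead of a process-level compromise.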
Preconditions
- auth: Attacker must have a GitHub account and submit a plugin/theme/template to the SiYuan Bazaar marketplace
- input: Victim must browse the Bazaar page (zero-click) or click on a package to view its README (one-click)
- config: Electron must be configured with nodeIntegration: true and contextIsolation: false (default in affected versions)
Generated on Jun 22, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/siyuan-note/siyuan/security/advisories/GHSA-v3mg-9v85-fcm7 (mitre, vendor-advisory)
- www.vulncheck.com/advisories/siyuan-remote-code-execution-via-malicious-bazaar-package-metadata-and-readme (mitre, third-party-advisory)
News mentions
No linked articles in our index yet.