Go modules package
github.com/siyuan-note/siyuan/kernel
pkg:golang/github.com/siyuan-note/siyuan/kernel
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55660 | — | | | <= 0.0.0-20241210012039-5129ad926a21 | — | Dec 11, 2024 | SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access en |
| CVE-2024-55659 | — | | | <= 0.0.0-20241210012039-5129ad926a21 | — | Dec 11, 2024 | SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue. |
| CVE-2024-55658 | — | | | <= 0.0.0-20241210012039-5129ad926a21 | — | Dec 11, 2024 | SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/export/exportResources` endpoint is vulnerable to arbitrary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host s |
| CVE-2024-55657 | — | | | <= 0.0.0-20241210012039-5129ad926a21 | — | Dec 11, 2024 | SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system |