QwikSec

Security Database

CVE

CWE

Training

CVE-2024-55657

Published: Dec 11, 2024

Modified: Dec 12, 2024

PUBLISHED

Description

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.

Vendor	Product	Versions
siyuan-note	siyuan	affected `< 3.1.16`

Weaknesses (CWE)

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-xx68-37v4-4596

x_refsource_CONFIRM

https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2024-55657 - Security Vulnerability | QwikSec