QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-55658

Back to search

CVE-2024-55658

Published: Dec 11, 2024

Modified: Dec 12, 2024

PUBLISHED

Description

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.

VendorProductVersions

siyuan-note

siyuan

affected
< 3.1.16

Weaknesses (CWE)

CWE-22

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now