Описание
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:b3log:siyuan:3.1.15:-:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00192
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
8 месяцев назад
SiYuan has an arbitrary file read via /api/template/render
EPSS
Процентиль: 41%
0.00192
Низкий
7.5 High
CVSS3
Дефекты
CWE-22