Описание
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:b3log:siyuan:3.1.15:-:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00535
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
github
около 1 года назад
SiYuan has an arbitrary file write in the host via /api/asset/upload
EPSS
Процентиль: 67%
0.00535
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-22