exploitDog

CVE-2024-55660

Опубликовано: 12 дек. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:b3log:siyuan:3.1.15:-:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00539

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1336

CWE-94

Связанные уязвимости

GHSA-4pjc-pwgq-q9jp

github

около 1 года назад

SiYuan has an SSTI via /api/template/renderSprig

EPSS

Процентиль: 67%

0.00539

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1336

CWE-94