Count: 2
CVE-2024-55660
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.
GHSA-4pjc-pwgq-q9jp
SiYuan has an SSTI via /api/template/renderSprig
| Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
| CVE-2024-55660 SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue. | CVSS3: 9.8 | 1% Low | about 1 year ago | |
| GHSA-4pjc-pwgq-q9jp SiYuan has an SSTI via /api/template/renderSprig | | 1% Low | about 1 year ago | |