B3log Siyuan

SiYuan Note 3.1.18 arbitrary file deletion via /api/history/getDocHistoryContent
CVE-2025-21609 9.1 - Critical - January 03, 2025

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

Files or Directories Accessible to External Parties

SiYuan Server-Side Template Injection (SSTI) Vulnerability in Sprig Template Engine
CVE-2024-55660 9.8 - Critical - December 12, 2024

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.

Code Injection

SiYuan API Endpoint Arbitrary File Write and Stored XSS Vulnerability
CVE-2024-55659 5.4 - Medium - December 12, 2024

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.

XSS

SiYuan: Arbitrary File Read Vulnerability in /api/export/exportResources Endpoint
CVE-2024-55658 7.5 - High - December 12, 2024

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.

Directory traversal

SiYuan: Arbitrary File Read Vulnerability in Template Render API
CVE-2024-55657 7.5 - High - December 12, 2024

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.

Directory traversal

SQL Injection Vulnerability in Siyuan Note-Taking Application
CVE-2024-53507 - November 29, 2024

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.

Siyuan 3.1.11 SQL Injection Vulnerability in ids Array Parameter
CVE-2024-53506 - November 29, 2024

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.

SQLi in Siyuan 3.1.11 via /getAssetContent ID param
CVE-2024-53505 - November 29, 2024

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.

Siyuan 3.1.11 SQLi in /searchHistory notebook param
CVE-2024-53504 - November 29, 2024

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

SiYuan 3.1.0 Remote XSS via PDF.js (PDF Handler)
CVE-2024-6938 5.4 - Medium - July 21, 2024

A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability.

XSS

SiYuan 3.0.3 Exec via ServerSide XSS
CVE-2024-2692 9 - Critical - April 04, 2024

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

XSS