Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some security vulnerabilities #13426

Closed
3 tasks done
Elleuch-x1 opened this issue Dec 10, 2024 · 1 comment
Closed
3 tasks done

Some security vulnerabilities #13426

Elleuch-x1 opened this issue Dec 10, 2024 · 1 comment
Assignees
@88250
Labels
Bug
Milestone
3.1.16

Comments

@Elleuch-x1
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Can the issue be reproduced with the default theme (daylight/midnight)?

  • I was able to reproduce the issue with the default theme

Could the issue be due to extensions?

  • I've ruled out the possibility that the extension is causing the problem.

Describe the problem

As requested from the maintainer, here's the titles of the vulnerabilities:

  • Arbitrary file read via /api/template/render
  • Arbitrary file read via path traversal in /api/export/exportResources
  • Stored XSS via /upload
  • Stored XSS and arbitrary file write in the host via /api/asset/upload
  • Limited SSTI via /api/template/renderSprig

Expected result

n/a

Screenshot or screen recording presentation

No response

Version environment

Latest version

Log file

n/a

More information

The details has been sent to the maintainer
@88250 88250 self-assigned this Dec 10, 2024
@88250 88250 added the Bug label Dec 10, 2024
@88250 88250 added this to the 3.1.16 milestone Dec 10, 2024
@88250 88250 changed the title Bug Reports Some security vulnerabilities Dec 10, 2024
@88250
Copy link
Member

88250 commented Dec 11, 2024
edited
Loading

Confirmed:

  • Arbitrary file read via /api/template/render
  • Arbitrary file read via path traversal in /api/export/exportResources
  • Stored XSS and arbitrary file write in the host via /api/asset/upload
  • SSTI via /api/template/renderSprig

Not considered as vulnerabilities:

  • Stored XSS via /upload
    The upload interface can upload any file without checking the file content. If the uploaded file can be opened in SiYuan and causes XSS, please provide more details.

88250 added a commit that referenced this issue Dec 11, 2024
@88250
🔒 Some security vulnerabilities #13426
e70ed57
@88250 88250 closed this as completed Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@88250 88250

Labels
Bug
Projects
None yet
Milestone
3.1.16
Development

No branches or pull requests
2 participants
@88250 @Elleuch-x1