CVE-2024-55660 | siyuan-note SiYuan up to 3.1.15 Environment Variable renderSprig special elements used in a template engine (GHSA-4pjc-pwgq-q9jp)

Posted by Angelo Barbosa | Dec 12, 2024 | CVE

A vulnerability was found in siyuan-note SiYuan up to 3.1.15 and classified as problematic. Affected by this issue is some unknown functionality of the file /api/template/renderSprig of the component Environment Variable Handler. The manipulation leads to improper neutralization of special elements used in a template engine.

This vulnerability is handled as CVE-2024-55660. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-55660 | siyuan-note SiYuan up to 3.1.15 Environment Variable renderSprig special elements used in a template engine (GHSA-4pjc-pwgq-q9jp)

Related Posts

CVE-2024-9991 | Philips Lighting Smart T-Bulb 10 Wi-Fi Network cleartext storage (CIVN-2024-0329)

CVE-2024-0545 | CodeCanyon RISE Rise Ultimate Project Manager 3.5.3 /index.php/signin redirect

CVE-2021-47050 | Linux Kernel up to 5.10.36/5.11.20/5.12.3 renesas-rpc-if platform_get_resource_byname null pointer dereference

CVE-2024-22751 | D-Link DIR-882 FW130B06 sub_477AA0 stack-based overflow