CVE-2024-55658 | siyuan-note SiYuan up to 3.1.15 Endpoint exportResources paths path traversal (GHSA-25w9-wqfq-gwqx)

Posted by Angelo Barbosa | Dec 12, 2024 | CVE

A vulnerability was found in siyuan-note SiYuan up to 3.1.15. It has been classified as critical. This affects an unknown part of the file /api/export/exportResources of the component Endpoint. The manipulation of the argument paths leads to path traversal.

This vulnerability is uniquely identified as CVE-2024-55658. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-55658 | siyuan-note SiYuan up to 3.1.15 Endpoint exportResources paths path traversal (GHSA-25w9-wqfq-gwqx)

Related Posts

CVE-2024-26299 | HPE Aruba ClearPass Policy Manager up to 6.9.13/6.10.8/6.11.6/6.12.0 Web-based Management Interface cross site scripting (ARUBA-PSA-2024-001)

CVE-2024-5417 | Gutentor Plugin up to 3.3.5 on WordPress Block Option cross site scripting

CVE-2024-6051 | Vercom Redlink SDK up to 1.13 resource injection

CVE-2023-50723 | XWiki Platform Administration Interface neutralization of directives (GHSA-qj86-p74r-7wp5)