漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SiYuan has an arbitrary file write in the host via /api/asset/upload
Vulnerability Description
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SiYuan 路径遍历漏洞
Vulnerability Description
SiYuan是SiYuan开源的一个隐私至上的个人知识管理系统。 SiYuan 3.1.16之前版本存在路径遍历漏洞,该漏洞源于容易受到向主机任意文件写入和存储的跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A