Vulnerability Information
Vulnerability Title
SiYuan has a File Read Interface Case Bypass Vulnerability
Vulnerability Description
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files. This vulnerability is fixed in 3.5.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
SiYuan Path Traversal Vulnerability
Vulnerability Description
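SiYuan is an open-source, privacy-first personal knowledge management system from SiYuan. SiYuan versions prior to 3.5.5 contain a path traversal vulnerability. It stems from the /api/file/getFile endpoint using case-sensitive string equality checks, which can be bypassed on case-insensitive file systems, allowing protected configuration files to be read.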
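The flaw described in both entries above, as an added Go example that is not SiYuan's code or its 3.5.5 fix: a case-sensitive deny check next to two stricter checks. The protected path and all function names are constructed placeholders.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// protected is a workspace-relative file the read endpoint must refuse.
// Constructed placeholder, not a path taken from SiYuan.
const protected = "conf/protected-example.json"

// norm cleans the request and uses forward slashes on every platform.
func norm(rel string) string { return filepath.ToSlash(filepath.Clean(rel)) }

// deniedExact mirrors the flawed pattern: case-sensitive string equality.
func deniedExact(rel string) bool { return norm(rel) == protected }

// deniedFolded compares under Unicode simple case folding, so mixed-case
// spellings of the protected name still match.
func deniedFolded(rel string) bool { return strings.EqualFold(norm(rel), protected) }

// deniedSameFile asks the file system whether the request resolves to the
// protected file, so the answer follows whatever naming rules the volume applies.
func deniedSameFile(root, rel string) bool {
	req, err := os.Stat(filepath.Join(root, rel))
	if err != nil {
		return false // nothing readable at that path
	}
	prot, err := os.Stat(filepath.Join(root, protected))
	return err == nil && os.SameFile(req, prot)
}

func main() {
	req := "conf/Protected-Example.JSON" // constructed mixed-case request
	fmt.Println("exact check denies: ", deniedExact(req))
	fmt.Println("folded check denies:", deniedFolded(req))
}
```

The folded comparison closes the mixed-case gap at string level; the `os.SameFile` check is the stricter option because it does not depend on the application guessing the file system's case rules.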
CVSS Information
N/A
Vulnerability Type
N/A