SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal sequences such as ../ into the id value to escape the intended directory and delete arbitrary .json files on the server, including global configuration files and workspace metadata. This issue has been fixed in version 3.6.4.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

路径遍历：’../filedir’

SiYuan 安全漏洞

SiYuan是SiYuan开源的一个个人知识管理系统。 SiYuan 3.6.3及之前版本存在安全漏洞，该漏洞源于/api/av/removeUnusedAttributeView端点使用用户控制的id参数构造文件系统路径而未经验证或路径边界强制，攻击者可注入路径遍历序列以删除服务器上的任意.json文件。

N/A

N/A