GO-2024-3326 SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel

SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel...

CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

SiYuan 路径遍历漏洞

SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A path traversal vulnerability exists in SiYuan versions prior to 3.1.16, which stems from vulnerability to cross-site scripting attacks that write to and store arbitrary files on the host...

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

GHSA-FQJ6-WHHX-47P7 SiYuan has an arbitrary file write in the host via /api/asset/upload

Summary The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS via the file write. Impact Arbitrary file write...

SiYuan has an arbitrary file write in the host via /api/asset/upload

Summary The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS via the file write. Impact Arbitrary file write...

PT-2024-36573 · Siyuan · Siyuan

Name of the Vulnerable Software and Affected Versions: Siyuan versions prior to 3.1.16 Description: Siyuan is a personal knowledge management system. The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored Cross-Site Scripting via the file write...

luigi Arbitrary File Write via Archive Extraction (Zip Slip)

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

PYSEC-2024-159

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

CVE-2024-21542 affects luigi before 3.6.0, vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) caused by improper destination file path validation in the _extract_packages_archive function. A malicious zip can traverse paths to overwrite arbitrary files outside the target directo...

Luigi 安全漏洞

Luigi is a Python package open-sourced by Spotify that helps build complex pipelines of batch jobs. A security vulnerability exists in Luigi versions prior to 3.6.0, which stems from incorrect validation of the destination file path in the extractpackagesarchive function, leaving it vulnerable to...

Cisco Unified Computing System Unrestricted Upload of File with Dangerous Type (CVE-2017-12332)

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location...

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location...