GHSA-94C7-G2FJ-7682 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation Details The...