Server-side Template Injection (SSTI)

SiYuan is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of templates in the /api/template/renderSprig endpoint, allowing attackers to access environment variables through the Sprig template engine...

RHCOS 4 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: net/http,...