4 matches found
CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...
SiYuan 安全漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /api/av/removeUnusedAttributeView endpoint, which was only protected by general authentication...
SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
Summary The endpoint /api/av/removeUnusedAttributeView is vulnerable to a path traversal CWE-22 that allows an attacker to delete arbitrary .json files on the server. The issue arises because user-controlled input id is directly used in filesystem path construction without validation or...
SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`
Summary An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view AV definition files from the workspace. The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler...