GHSA-4PJC-PWGQ-Q9JP SiYuan has an SSTI via /api/template/renderSprig
Summary Siyuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection SSTI through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables Impact Information leakage...