Home > Vulnerability Database > CVE-2024-55658

Mend.io Vulnerability Database

CVE-2024-55658

Date: December 11, 2024

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.

Language: Go

Severity Score

7.5

Related Resources (6)

Url: https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71

Url: https://pkg.go.dev/vuln/GO-2024-3323

Url: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-25w9-wqfq-gwqx

Url: https://github.com/siyuan-note/siyuan

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55658

Url: https://www.mend.io/vulnerability-database/CVE-2024-55658

Severity Score

7.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55658

Date: December 11, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?