216.73.217.24

CVE-2024-55660

· Published 12/12/2024 02:15 · Modified 12/12/2024 02:15

Labels: CVE-2024-55660 2024-12-12CVE-2024-55660CWE-1336[email protected]

Essential information

Published
12/12/2024 02:15
Modified
12/12/2024 02:15
Author
Creator
CISA KEV
No
CWE

Description

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References