Metrics
Affected Vendors & Products
Wed, 14 May 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
B3log
B3log siyuan |
|
CPEs | cpe:2.3:a:b3log:siyuan:3.1.18:-:*:*:*:*:*:* | |
Vendors & Products |
B3log
B3log siyuan |
|
Metrics |
cvssV3_1
|
Fri, 03 Jan 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 03 Jan 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19. | |
Title | SiYuan has an arbitrary file deletion vulnerability | |
Weaknesses | CWE-459 CWE-552 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-01-03T17:14:23.915Z
Reserved: 2024-12-29T03:00:24.712Z
Link: CVE-2025-21609

Updated: 2025-01-03T17:14:16.382Z

Status : Analyzed
Published: 2025-01-03T17:15:09.147
Modified: 2025-05-14T14:39:30.277
Link: CVE-2025-21609

No data.

No data.