logo

Database

Lack of data validation - Path Traversal In github.com/siyuan-note/siyuan/kernel

Description

SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service

Summary

In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/*path, which only requires authentication, a publish-service visitor can cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to exfiltration of sensitive files.

Details

1. Arbitrary local files copied into workspace

    Endpoint: POST /api/lute/html2BlockDOM, protected only by model.CheckAuth; publish read-only role is not restricted.

    Behavior: On desktop (util.ContainerStd == model.Conf.System.Container), local absolute paths from <a href="file://..."> in the HTML are copied to {DataDir}/assets/.

    Missing check: The code does not call util.IsSensitivePath(localPath) before copying, so any readable file (e.g. /etc/passwd, ~/.ssh/id_rsa) can be copied into assets.

2. Direct access to assets via GET

    Endpoint: GET /assets/*path (kernel/server/serve.go), protected only by model.CheckAuth; no publish-scope or admin check.

    Behavior: The path is resolved with model.GetAssetAbsPath("assets" + path) and the file is served with http.ServeFile; any authenticated request (including publish visitors) can access existing asset files.

    Attack chain: The visitor calls html2BlockDOM to copy a sensitive file into data/assets/, extracts data-href="assets/xxx" from the returned DOM, then requests GET /assets/xxx to retrieve the file content.

PoC

// Run in the browser devtools console while on the SiYuan publish service
(async () => {
  try {
    // Paths below fall under util.IsSensitivePath prefixes (/etc, c:\windows\system32)
    const sensitiveFiles = [
      'file:///etc/passwd',
      'file:///etc/group',
      'file:///C:/Windows/System32/drivers/etc/hosts',...

Impact

With only normal authentication, an attacker can bypass intended directory restrictions and read any sensitive file that the process can read on the desktop user’s machine (e.g. system account data, network configuration, credential configs), compromising confidentiality of sensitive data and the runtime environment.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2026-329382. NVD-2026-329383. OSV-2026-329384. GHSA-fq2j-j8hc-8vw85. GCVE-2026-32938

References

1. https://github.com/siyuan-note/siyuan/security/advisories/GHSA-fq2j-j8hc-8vw82. https://github.com/siyuan-note/siyuan/commit/294b8b429dea152cd1df522cddf406054c1619ad3. https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.