Affected by GO-2024-3323 and 3 other vulnerabilities

GO-2024-3323: SiYuan has an arbitrary file read and path traversal via /api/export/exportResources in github.com/siyuan-note/siyuan/kernel

GO-2024-3324: SiYuan has an SSTI via /api/template/renderSprig in github.com/siyuan-note/siyuan/kernel

GO-2024-3326: SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel

GO-2024-3327: SiYuan has an arbitrary file read via /api/template/render in github.com/siyuan-note/siyuan/kernel

api

package

v0.0.0-...-adc8199 Latest Latest Go to latest Published: Dec 31, 2024 License: AGPL-3.0 Imports: 50 Imported by: 1

Details

This section is empty.

View Source

var (
	BroadcastChannels = sync.Map{}
)

func SQL(c *gin.Context)

func ServeAPI(ginServer *gin.Engine)

type Channel struct {
	Name  string `json:"name"`
	Count int    `json:"count"`
}

type ColorScheme struct {
	Primary   string
	Secondary string
}

type DocFile struct {
	ID       string     `json:"id"`
	Children []*DocFile `json:"children,omitempty"`
}

type File struct {
	Filename string
	Header   textproto.MIMEHeader
	Size     int64
	Content  string
}

type MultipartForm struct {
	Value map[string][]string
	File  map[string][]File
}

type Workspace struct {
	Path   string `json:"path"`
	Closed bool   `json:"closed"`
}