{"id":"GO-2024-3326","summary":"SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel","details":"SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel","aliases":["CVE-2024-55659","GHSA-fqj6-whhx-47p7"],"modified":"2026-03-17T04:49:26.247849Z","published":"2024-12-12T15:46:38Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-3326"},"references":[{"type":"ADVISORY","url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-fqj6-whhx-47p7"},{"type":"WEB","url":"https://github.com/siyuan-note/siyuan/commit/e70ed57f6e4852e2bd702671aeb8eb3a47a36d71"}],"affected":[{"package":{"name":"github.com/siyuan-note/siyuan/kernel","ecosystem":"Go","purl":"pkg:golang/github.com/siyuan-note/siyuan/kernel"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3326.json"}}],"schema_version":"1.7.5"}