Common Weakness Enumeration

CWE-94

Allowed-with-Review

Improper Control of Generation of Code ('Code Injection')

Abstraction: Base · Status: Draft

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

8285 vulnerabilities reference this CWE, most recent first.

GHSA-FCCF-P8FX-VJJ4

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2024-01-24 21:17
VLAI
Summary
Moodle vulnerable to PHP object injection attacks
Details

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-3541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-24T21:17:06Z",
    "nvd_published_at": "2014-07-29T11:10:00Z",
    "severity": "HIGH"
  },
  "details": "The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.",
  "id": "GHSA-fccf-p8fx-vjj4",
  "modified": "2024-01-24T21:17:06Z",
  "published": "2022-05-13T01:12:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3541"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=264262"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-45616"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2014/07/21/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Moodle vulnerable to PHP object injection attacks"
}

GHSA-FCCH-9PH8-Q3P4

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-15 21:31
VLAI
Details

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:16:51Z",
    "severity": "CRITICAL"
  },
  "details": "Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.",
  "id": "GHSA-fcch-9ph8-q3p4",
  "modified": "2026-05-15T21:31:31Z",
  "published": "2026-05-12T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31231"
    },
    {
      "type": "WEB",
      "url": "https://github.com/topoteretes/cognee"
    },
    {
      "type": "WEB",
      "url": "https://www.notion.so/CVE-2026-31231-35d1e13931888178a963ef9efeb29113"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCPH-VWQ2-2V5X

Vulnerability from github – Published: 2022-05-01 06:45 – Updated: 2022-05-01 06:45
VLAI
Details

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-1039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-03-07T11:02:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers.",
  "id": "GHSA-fcph-vwq2-2v5x",
  "modified": "2022-05-01T06:45:31Z",
  "published": "2022-05-01T06:45:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1039"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19085"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015702"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18006"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0810"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FCQF-H4H4-695M

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-07-19 18:42
VLAI
Summary
actionpack CRLF injection vulnerability
Details

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-3186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:34:21Z",
    "nvd_published_at": "2011-08-29T18:55:01Z",
    "severity": "MODERATE"
  },
  "details": "CRLF injection vulnerability in `actionpack/lib/action_controller/response.rb` in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.",
  "id": "GHSA-fcqf-h4h4-695m",
  "modified": "2023-07-19T18:42:54Z",
  "published": "2017-10-24T18:33:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921"
    },
    {
      "type": "WEB",
      "url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source\u0026output=gplain"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2301"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "actionpack CRLF injection vulnerability"
}

GHSA-FCR8-RJ58-CVPJ

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:31
VLAI
Details

Microsoft Message Queuing Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T18:15:13Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Message Queuing Remote Code Execution Vulnerability",
  "id": "GHSA-fcr8-rj58-cvpj",
  "modified": "2024-04-04T08:31:02Z",
  "published": "2023-10-10T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36571"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCRC-84GC-HCCF

Vulnerability from github – Published: 2022-05-04 00:28 – Updated: 2022-05-04 00:28
VLAI
Details

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-0173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-12T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka \"Remote Desktop Protocol Vulnerability,\" a different vulnerability than CVE-2012-0002.",
  "id": "GHSA-fcrc-84gc-hccf",
  "modified": "2022-05-04T00:28:31Z",
  "published": "2022-05-04T00:28:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0173"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-036"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15116"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FCRP-5JPG-PRRV

Vulnerability from github – Published: 2022-05-01 06:57 – Updated: 2022-05-01 06:57
VLAI
Details

PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-2245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-09T10:02:00Z",
    "severity": "MODERATE"
  },
  "details": "PHP remote file inclusion vulnerability in auction\\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.",
  "id": "GHSA-fcrp-5jpg-prrv",
  "modified": "2022-05-01T06:57:17Z",
  "published": "2022-05-01T06:57:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2245"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26192"
    },
    {
      "type": "WEB",
      "url": "http://pridels0.blogspot.com/2006/05/phpbb-auction-mod-remote-file.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19944"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25263"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17822"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1641"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FF2W-WM48-JHQJ

Vulnerability from github – Published: 2024-02-20 12:31 – Updated: 2025-01-16 22:30
VLAI
Summary
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
Details

Arbitrary File Read Vulnerability in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.1.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.dolphinscheduler:dolphinscheduler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-51770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-21T00:21:46Z",
    "nvd_published_at": "2024-02-20T10:15:08Z",
    "severity": "HIGH"
  },
  "details": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.",
  "id": "GHSA-ff2w-wm48-jhqj",
  "modified": "2025-01-16T22:30:45Z",
  "published": "2024-02-20T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51770"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/dolphinscheduler/pull/15433"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/dolphinscheduler"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/02/20/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler"
}

GHSA-FF3H-5G59-6PPF

Vulnerability from github – Published: 2022-05-01 18:40 – Updated: 2022-05-01 18:40
VLAI
Details

Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-6231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-04T18:46:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/.  NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.",
  "id": "GHSA-ff3h-5g59-6ppf",
  "modified": "2022-05-01T18:40:48Z",
  "published": "2022-05-01T18:40:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6231"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38801"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4684"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/39689"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/39692"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27895"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2007-December/001854.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26678"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FF66-236V-P4FG

Vulnerability from github – Published: 2026-04-01 00:05 – Updated: 2026-04-06 16:40
VLAI
Summary
SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution
Details

Summary

A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the normal Import -> SiYuan .sy.zip workflow. Once the note is opened, the malicious attribute breaks out of its original HTML context and injects an event handler, resulting in stored XSS. In the Electron desktop client, this XSS reaches remote code execution because injected JavaScript runs with access to Node/Electron APIs.

Details

The issue is caused by a logic regression in escapeNodeAttributeValues in kernel/filesys/tree.go. Previously, the escaping logic converted node.KramdownIAL with parse.IAL2Map(...) before deciding whether a value needed escaping. That conversion unescaped existing entities first, so mixed values such as:

&" onmouseenter="alert('IAL-XSS')

were still recognized as unsafe and escaped correctly. The logic changed to inspect raw KramdownIAL values directly. The new needsEscapeForValue implementation returns false as soon as it sees any known entity such as &, ", <, or >. This means a value containing both an entity and an unescaped raw quote bypasses escaping entirely.

That bypass becomes exploitable because the renderer later inserts block IAL values directly into HTML attributes. A payload like:

&" onmouseenter="require('child_process').exec('calc')

can be rendered into HTML equivalent to:

<div title="&amp;" onmouseenter="require('child_process').exec('calc')">

This creates a stored XSS condition. In SiYuan Desktop, the Electron renderer runs with Node.js integration available, so attacker-controlled JavaScript can invoke Node APIs directly. As a result, the issue is not limited to script execution in the page context and becomes arbitrary command execution on the victim’s machine.

The stored XSS path was validated by importing a crafted .sy.zip through the normal GUI and triggering JavaScript execution from the rendered block. Because the same injected JavaScript runs in the privileged Electron renderer, this is an RCE issue in the desktop client.

PoC

  1. Start SiYuan Desktop v3.6.1.
  2. Prepare a crafted .sy.zip containing a .sy document with a block IAL property such as:
"title": "&amp;\" onmouseenter=\"require('child_process').exec('calc')"
  1. In the UI, right-click any notebook.
  2. Select Import -> SiYuan .sy.zip.
  3. Import the crafted archive.
  4. Open the imported note.
  5. Move the mouse over the affected paragraph block.
  6. Observe that the injected JavaScript executes.
  7. On Windows, calc.exe launches, demonstrating arbitrary command execution.

Impact

This vulnerability allows an attacker to deliver a malicious .sy.zip file that executes attacker-controlled JavaScript after import. In the desktop application, that JavaScript runs with Node/Electron privileges and can execute arbitrary operating system commands under the victim’s account. This makes the bug equivalent to local code execution triggered by importing and opening attacker-supplied content.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260329142331-918d1bd9f967"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T00:05:11Z",
    "nvd_published_at": "2026-03-31T22:16:22Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a `.sy` document, package it as a `.sy.zip`, and have the victim import it through the normal `Import -\u003e SiYuan .sy.zip` workflow. Once the note is opened, the malicious attribute breaks out of its original HTML context and injects an event handler, resulting in stored XSS. In the Electron desktop client, this XSS reaches remote code execution because injected JavaScript runs with access to Node/Electron APIs.\n\n### Details\nThe issue is caused by a logic regression in `escapeNodeAttributeValues` in `kernel/filesys/tree.go`.\nPreviously, the escaping logic converted `node.KramdownIAL` with `parse.IAL2Map(...)` before deciding whether a value needed escaping. That conversion unescaped existing entities first, so mixed values such as:\n```\n\u0026amp;\" onmouseenter=\"alert(\u0027IAL-XSS\u0027)\n```\nwere still recognized as unsafe and escaped correctly.\nThe logic changed to inspect raw `KramdownIAL` values directly. The new `needsEscapeForValue` implementation returns `false` as soon as it sees any known entity such as `\u0026amp;`, `\u0026quot;`, `\u0026lt;`, or `\u0026gt;`. This means a value containing both an entity and an unescaped raw quote bypasses escaping entirely.\n\nThat bypass becomes exploitable because the renderer later inserts block IAL values directly into HTML attributes. A payload like:\n```\n\u0026amp;\" onmouseenter=\"require(\u0027child_process\u0027).exec(\u0027calc\u0027)\n```\ncan be rendered into HTML equivalent to:\n```\n\u003cdiv title=\"\u0026amp;\" onmouseenter=\"require(\u0027child_process\u0027).exec(\u0027calc\u0027)\"\u003e\n```\nThis creates a stored XSS condition. In SiYuan Desktop, the Electron renderer runs with Node.js integration available, so attacker-controlled JavaScript can invoke Node APIs directly. As a result, the issue is not limited to script execution in the page context and becomes arbitrary command execution on the victim\u2019s machine.\n\nThe stored XSS path was validated by importing a crafted `.sy.zip` through the normal GUI and triggering JavaScript execution from the rendered block. Because the same injected JavaScript runs in the privileged Electron renderer, this is an RCE issue in the desktop client.\n\n### PoC\n1. Start SiYuan Desktop `v3.6.1`.\n2. Prepare a crafted `.sy.zip` containing a .sy document with a block IAL property such as:\n```\n\"title\": \"\u0026amp;\\\" onmouseenter=\\\"require(\u0027child_process\u0027).exec(\u0027calc\u0027)\"\n```\n3. In the UI, right-click any notebook.\n4. Select `Import -\u003e SiYuan .sy.zip`.\n5. Import the crafted archive.\n6. Open the imported note.\n7. Move the mouse over the affected paragraph block.\n8. Observe that the injected JavaScript executes.\n9. On Windows, `calc.exe` launches, demonstrating arbitrary command execution.\n\n### Impact\nThis vulnerability allows an attacker to deliver a malicious `.sy.zip` file that executes attacker-controlled JavaScript after import. In the desktop application, that JavaScript runs with Node/Electron privileges and can execute arbitrary operating system commands under the victim\u2019s account. This makes the bug equivalent to local code execution triggered by importing and opening attacker-supplied content.",
  "id": "GHSA-ff66-236v-p4fg",
  "modified": "2026-04-06T16:40:19Z",
  "published": "2026-04-01T00:05:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-ff66-236v-p4fg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34585"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/issues/17246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/918d1bd9f967d888f474f6764744a3d8cca4a501"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution"
}

Mitigation
Architecture and Design

Strategy: Refactoring

Refactor your program so that you do not have to dynamically generate code.

Mitigation
Architecture and Design
  • Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
  • Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
  • This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
  • Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Testing

Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Mitigation MIT-32
Operation

Strategy: Compilation or Build Hardening

Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation MIT-32
Operation

Strategy: Environment Hardening

Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation
Implementation

For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].

CAPEC-242: Code Injection

An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.