CWE-94
Allowed-with-ReviewImproper Control of Generation of Code ('Code Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
8285 vulnerabilities reference this CWE, most recent first.
GHSA-FCCF-P8FX-VJJ4
Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2024-01-24 21:17The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-3541"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-24T21:17:06Z",
"nvd_published_at": "2014-07-29T11:10:00Z",
"severity": "HIGH"
},
"details": "The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.",
"id": "GHSA-fccf-p8fx-vjj4",
"modified": "2024-01-24T21:17:06Z",
"published": "2022-05-13T01:12:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3541"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=264262"
},
{
"type": "WEB",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-45616"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Moodle vulnerable to PHP object injection attacks"
}
GHSA-FCCH-9PH8-Q3P4
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-15 21:31Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.
{
"affected": [],
"aliases": [
"CVE-2026-31231"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:16:51Z",
"severity": "CRITICAL"
},
"details": "Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.",
"id": "GHSA-fcch-9ph8-q3p4",
"modified": "2026-05-15T21:31:31Z",
"published": "2026-05-12T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31231"
},
{
"type": "WEB",
"url": "https://github.com/topoteretes/cognee"
},
{
"type": "WEB",
"url": "https://www.notion.so/CVE-2026-31231-35d1e13931888178a963ef9efeb29113"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCPH-VWQ2-2V5X
Vulnerability from github – Published: 2022-05-01 06:45 – Updated: 2022-05-01 06:45SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
{
"affected": [],
"aliases": [
"CVE-2006-1039"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-03-07T11:02:00Z",
"severity": "MODERATE"
},
"details": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers.",
"id": "GHSA-fcph-vwq2-2v5x",
"modified": "2022-05-01T06:45:31Z",
"published": "2022-05-01T06:45:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1039"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19085"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1015702"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/18006"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FCQF-H4H4-695M
Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-07-19 18:42CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2011-3186"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:34:21Z",
"nvd_published_at": "2011-08-29T18:55:01Z",
"severity": "MODERATE"
},
"details": "CRLF injection vulnerability in `actionpack/lib/action_controller/response.rb` in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.",
"id": "GHSA-fcqf-h4h4-695m",
"modified": "2023-07-19T18:42:54Z",
"published": "2017-10-24T18:33:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156"
},
{
"type": "PACKAGE",
"url": "https://github.com/rails/rails"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921"
},
{
"type": "WEB",
"url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source\u0026output=gplain"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2301"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/17/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/19/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/20/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/14"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/5"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "actionpack CRLF injection vulnerability"
}
GHSA-FCR8-RJ58-CVPJ
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:31Microsoft Message Queuing Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-36571"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T18:15:13Z",
"severity": "HIGH"
},
"details": "Microsoft Message Queuing Remote Code Execution Vulnerability",
"id": "GHSA-fcr8-rj58-cvpj",
"modified": "2024-04-04T08:31:02Z",
"published": "2023-10-10T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36571"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCRC-84GC-HCCF
Vulnerability from github – Published: 2022-05-04 00:28 – Updated: 2022-05-04 00:28The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
{
"affected": [],
"aliases": [
"CVE-2012-0173"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-06-12T22:55:00Z",
"severity": "HIGH"
},
"details": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka \"Remote Desktop Protocol Vulnerability,\" a different vulnerability than CVE-2012-0002.",
"id": "GHSA-fcrc-84gc-hccf",
"modified": "2022-05-04T00:28:31Z",
"published": "2022-05-04T00:28:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0173"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-036"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15116"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FCRP-5JPG-PRRV
Vulnerability from github – Published: 2022-05-01 06:57 – Updated: 2022-05-01 06:57PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
{
"affected": [],
"aliases": [
"CVE-2006-2245"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-05-09T10:02:00Z",
"severity": "MODERATE"
},
"details": "PHP remote file inclusion vulnerability in auction\\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.",
"id": "GHSA-fcrp-5jpg-prrv",
"modified": "2022-05-01T06:57:17Z",
"published": "2022-05-01T06:57:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2245"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26192"
},
{
"type": "WEB",
"url": "http://pridels0.blogspot.com/2006/05/phpbb-auction-mod-remote-file.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19944"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/25263"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/17822"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/1641"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FF2W-WM48-JHQJ
Vulnerability from github – Published: 2024-02-20 12:31 – Updated: 2025-01-16 22:30Arbitrary File Read Vulnerability in Apache Dolphinscheduler.
This issue affects Apache DolphinScheduler: before 3.2.1.
We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.dolphinscheduler:dolphinscheduler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-51770"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-21T00:21:46Z",
"nvd_published_at": "2024-02-20T10:15:08Z",
"severity": "HIGH"
},
"details": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.",
"id": "GHSA-ff2w-wm48-jhqj",
"modified": "2025-01-16T22:30:45Z",
"published": "2024-02-20T12:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51770"
},
{
"type": "WEB",
"url": "https://github.com/apache/dolphinscheduler/pull/15433"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/dolphinscheduler"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/20/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler"
}
GHSA-FF3H-5G59-6PPF
Vulnerability from github – Published: 2022-05-01 18:40 – Updated: 2022-05-01 18:40Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
{
"affected": [],
"aliases": [
"CVE-2007-6231"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-12-04T18:46:00Z",
"severity": "HIGH"
},
"details": "Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.",
"id": "GHSA-ff3h-5g59-6ppf",
"modified": "2022-05-01T18:40:48Z",
"published": "2022-05-01T18:40:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6231"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38801"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/4684"
},
{
"type": "WEB",
"url": "http://osvdb.org/39689"
},
{
"type": "WEB",
"url": "http://osvdb.org/39692"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27895"
},
{
"type": "WEB",
"url": "http://www.attrition.org/pipermail/vim/2007-December/001854.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/26678"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FF66-236V-P4FG
Vulnerability from github – Published: 2026-04-01 00:05 – Updated: 2026-04-06 16:40Summary
A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the normal Import -> SiYuan .sy.zip workflow. Once the note is opened, the malicious attribute breaks out of its original HTML context and injects an event handler, resulting in stored XSS. In the Electron desktop client, this XSS reaches remote code execution because injected JavaScript runs with access to Node/Electron APIs.
Details
The issue is caused by a logic regression in escapeNodeAttributeValues in kernel/filesys/tree.go.
Previously, the escaping logic converted node.KramdownIAL with parse.IAL2Map(...) before deciding whether a value needed escaping. That conversion unescaped existing entities first, so mixed values such as:
&" onmouseenter="alert('IAL-XSS')
were still recognized as unsafe and escaped correctly.
The logic changed to inspect raw KramdownIAL values directly. The new needsEscapeForValue implementation returns false as soon as it sees any known entity such as &, ", <, or >. This means a value containing both an entity and an unescaped raw quote bypasses escaping entirely.
That bypass becomes exploitable because the renderer later inserts block IAL values directly into HTML attributes. A payload like:
&" onmouseenter="require('child_process').exec('calc')
can be rendered into HTML equivalent to:
<div title="&" onmouseenter="require('child_process').exec('calc')">
This creates a stored XSS condition. In SiYuan Desktop, the Electron renderer runs with Node.js integration available, so attacker-controlled JavaScript can invoke Node APIs directly. As a result, the issue is not limited to script execution in the page context and becomes arbitrary command execution on the victim’s machine.
The stored XSS path was validated by importing a crafted .sy.zip through the normal GUI and triggering JavaScript execution from the rendered block. Because the same injected JavaScript runs in the privileged Electron renderer, this is an RCE issue in the desktop client.
PoC
- Start SiYuan Desktop
v3.6.1. - Prepare a crafted
.sy.zipcontaining a .sy document with a block IAL property such as:
"title": "&\" onmouseenter=\"require('child_process').exec('calc')"
- In the UI, right-click any notebook.
- Select
Import -> SiYuan .sy.zip. - Import the crafted archive.
- Open the imported note.
- Move the mouse over the affected paragraph block.
- Observe that the injected JavaScript executes.
- On Windows,
calc.exelaunches, demonstrating arbitrary command execution.
Impact
This vulnerability allows an attacker to deliver a malicious .sy.zip file that executes attacker-controlled JavaScript after import. In the desktop application, that JavaScript runs with Node/Electron privileges and can execute arbitrary operating system commands under the victim’s account. This makes the bug equivalent to local code execution triggered by importing and opening attacker-supplied content.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260329142331-918d1bd9f967"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34585"
],
"database_specific": {
"cwe_ids": [
"CWE-79",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-01T00:05:11Z",
"nvd_published_at": "2026-03-31T22:16:22Z",
"severity": "HIGH"
},
"details": "### Summary\nA vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a `.sy` document, package it as a `.sy.zip`, and have the victim import it through the normal `Import -\u003e SiYuan .sy.zip` workflow. Once the note is opened, the malicious attribute breaks out of its original HTML context and injects an event handler, resulting in stored XSS. In the Electron desktop client, this XSS reaches remote code execution because injected JavaScript runs with access to Node/Electron APIs.\n\n### Details\nThe issue is caused by a logic regression in `escapeNodeAttributeValues` in `kernel/filesys/tree.go`.\nPreviously, the escaping logic converted `node.KramdownIAL` with `parse.IAL2Map(...)` before deciding whether a value needed escaping. That conversion unescaped existing entities first, so mixed values such as:\n```\n\u0026amp;\" onmouseenter=\"alert(\u0027IAL-XSS\u0027)\n```\nwere still recognized as unsafe and escaped correctly.\nThe logic changed to inspect raw `KramdownIAL` values directly. The new `needsEscapeForValue` implementation returns `false` as soon as it sees any known entity such as `\u0026amp;`, `\u0026quot;`, `\u0026lt;`, or `\u0026gt;`. This means a value containing both an entity and an unescaped raw quote bypasses escaping entirely.\n\nThat bypass becomes exploitable because the renderer later inserts block IAL values directly into HTML attributes. A payload like:\n```\n\u0026amp;\" onmouseenter=\"require(\u0027child_process\u0027).exec(\u0027calc\u0027)\n```\ncan be rendered into HTML equivalent to:\n```\n\u003cdiv title=\"\u0026amp;\" onmouseenter=\"require(\u0027child_process\u0027).exec(\u0027calc\u0027)\"\u003e\n```\nThis creates a stored XSS condition. In SiYuan Desktop, the Electron renderer runs with Node.js integration available, so attacker-controlled JavaScript can invoke Node APIs directly. As a result, the issue is not limited to script execution in the page context and becomes arbitrary command execution on the victim\u2019s machine.\n\nThe stored XSS path was validated by importing a crafted `.sy.zip` through the normal GUI and triggering JavaScript execution from the rendered block. Because the same injected JavaScript runs in the privileged Electron renderer, this is an RCE issue in the desktop client.\n\n### PoC\n1. Start SiYuan Desktop `v3.6.1`.\n2. Prepare a crafted `.sy.zip` containing a .sy document with a block IAL property such as:\n```\n\"title\": \"\u0026amp;\\\" onmouseenter=\\\"require(\u0027child_process\u0027).exec(\u0027calc\u0027)\"\n```\n3. In the UI, right-click any notebook.\n4. Select `Import -\u003e SiYuan .sy.zip`.\n5. Import the crafted archive.\n6. Open the imported note.\n7. Move the mouse over the affected paragraph block.\n8. Observe that the injected JavaScript executes.\n9. On Windows, `calc.exe` launches, demonstrating arbitrary command execution.\n\n### Impact\nThis vulnerability allows an attacker to deliver a malicious `.sy.zip` file that executes attacker-controlled JavaScript after import. In the desktop application, that JavaScript runs with Node/Electron privileges and can execute arbitrary operating system commands under the victim\u2019s account. This makes the bug equivalent to local code execution triggered by importing and opening attacker-supplied content.",
"id": "GHSA-ff66-236v-p4fg",
"modified": "2026-04-06T16:40:19Z",
"published": "2026-04-01T00:05:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-ff66-236v-p4fg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34585"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/issues/17246"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/918d1bd9f967d888f474f6764744a3d8cca4a501"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.6.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution"
}
Mitigation
Strategy: Refactoring
Refactor your program so that you do not have to dynamically generate code.
Mitigation
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation MIT-32
Strategy: Compilation or Build Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation MIT-32
Strategy: Environment Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.