Tcotc

**Name of the Vulnerable Software and Affected Versions** SiYuan versions 3.6.0 and below **Description** SiYuan, a personal knowledge management system, has an issue where the `/api/lute/html2BlockDOM` endpoint on the desktop copies local files pointed to by `file://` links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. This, combined with the `GET /assets/*path` endpoint, which only requires authentication, allows a visitor to the publish service to cause the desktop kernel to copy any readable sensitive file and then read it via GET, leading to the exfiltration of sensitive files. The `POST /api/lute/html2BlockDOM` endpoint is protected only by `model.CheckAuth`, and the publish read-only role is not restricted. The `GET /assets/*path` endpoint does not have publish-scope or admin checks. The attack chain involves calling `html2BlockDOM` to copy a sensitive file into the `data/assets/` directory, extracting the `data-href` attribute from the returned DOM, and then requesting `GET /assets/*` to retrieve the file content. **Recommendations** Update SiYuan to version 3.6.1 or later.