CVE-2024-53504

Name of the Vulnerable Software and Affected Versions Siyuan version 3.1.11

Description A SQL injection issue has been identified in the notebook parameter through the "/searchHistory" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For Siyuan version 3.1.11, consider disabling the notebook parameter in the "/searchHistory" API endpoint as a temporary workaround until a patch is available. Avoid using the notebook parameter in the affected API endpoint until the issue is resolved.