CVE-2024-53507

Name of the Vulnerable Software and Affected Versions Siyuan version 3.1.11

Description A SQL injection issue was found in the /getHistoryItems endpoint. This allows for potential exploitation through SQL injection attacks. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For Siyuan version 3.1.11, consider restricting access to the /getHistoryItems endpoint until a patch is available. As a temporary workaround, avoid using parameters that could lead to SQL injection in this endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.