GHSA-7m5h-w69j-qggg

Source

https://github.com/advisories/GHSA-7m5h-w69j-qggg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-7m5h-w69j-qggg/GHSA-7m5h-w69j-qggg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7m5h-w69j-qggg

Aliases

CVE-2026-40259

Published

2026-04-10T19:32:07Z

Modified

2026-05-05T16:03:41.852991Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Details

Summary

An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view (AV) definition files from the workspace.

The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler forwards a caller-controlled id directly into a model function that deletes data/storage/av/<id>.json without verifying either:

that the caller is allowed to perform write/destructive actions; or
that the target AV is actually unused.

This is a persistent integrity and availability issue reachable from the publish surface.

Root Cause

1. Publish users are issued a `RoleReader` JWT

kernel/model/auth.go

ClaimsKeyRole: RoleReader,

2. The publish reverse proxy forwards that token upstream

3. `CheckAuth` accepts `RoleReader`

kernel/model/session.go

if role := GetGinContextRole(c); IsValidRole(role, []Role{
    RoleAdministrator,
    RoleEditor,
    RoleReader,
}) {
    c.Next()
    return
}

4. The route is exposed with `CheckAuth` only

kernel/api/router.go

ginServer.Handle("POST", "/api/av/removeUnusedAttributeView", model.CheckAuth, removeUnusedAttributeView)

There is no CheckAdminRole and no CheckReadonly.

5. The handler forwards attacker-controlled `id` directly to the delete sink

kernel/api/av.go

avID := arg["id"].(string)
model.RemoveUnusedAttributeView(avID)

6. The model deletes the AV file unconditionally

kernel/model/attribute_view.go

func RemoveUnusedAttributeView(id string) {
    absPath := filepath.Join(util.DataDir, "storage", "av", id+".json")
    if !filelock.IsExist(absPath) {
        return
    }
    ...
    if err = filelock.RemoveWithoutFatal(absPath); err != nil {
        ...
        return
    }
    IncSync()
}

Crucially, this function does not verify that the supplied AV is actually unused. The name of the function suggests a cleanup helper, but the implementation is really "delete AV file by id if it exists".

Attack Prerequisites

Publish service enabled
Attacker can access the publish service
If publish auth is enabled, attacker has valid publish-reader credentials
Attacker knows an avID

Obtaining `avID`

avID is not secret. It is exposed extensively in frontend markup as data-av-id.

Examples:

Any publish-visible database/attribute view can therefore disclose a valid avID to the attacker.

Exploit Path

Attacker browses published content containing an attribute view.
Attacker extracts the data-av-id value from the page/DOM.
Attacker sends a POST request to /api/av/removeUnusedAttributeView through the publish service.
Publish proxy injects a valid RoleReader token.
CheckAuth accepts the request.
The handler passes the attacker-controlled avID to model.RemoveUnusedAttributeView.
The backend deletes data/storage/av/<avID>.json.

Proof of Concept

Request:

POST /api/av/removeUnusedAttributeView HTTP/1.1
Host: <publish-host>:<publish-port>
Content-Type: application/json
Authorization: Basic <publish-account-creds-if-enabled>

{
  "id": "<exposed-data-av-id>"
}

Expected result:

HTTP 200
backend increments sync state
the target attribute view file is removed from data/storage/av/
published and local workspace behavior for that AV becomes broken until restored from history or recreated

Impact

This gives a low-privileged publish reader a destructive persistent write primitive against workspace data.

Practical consequences include:

deletion of live attribute view definitions
corruption/breakage of published database views
breakage of local workspace rendering and AV-backed relationships
operational disruption until restore or manual repair

The bug affects integrity and availability, not merely UI state.

Recommended Fix

At minimum:

Block publish/read-only users from this route.
Require admin/write authorization.
Re-validate that the target AV is actually unused before deletion.

Safe router fix:

ginServer.Handle("POST", "/api/av/removeUnusedAttributeView",
    model.CheckAuth,
    model.CheckAdminRole,
    model.CheckReadonly,
    removeUnusedAttributeView,
)

And inside the model or handler, reject deletion unless the target id is present in UnusedAttributeViews(...).

Database specific

{
    "github_reviewed_at": "2026-04-10T19:32:07Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2026-04-16T23:16:33Z",
    "cwe_ids": [
        "CWE-285"
    ]
}

References

Affected packages

Go / github.com/siyuan-note/siyuan/kernel

Package

Name: github.com/siyuan-note/siyuan/kernel; View open source insights on deps.dev
Purl: pkg:golang/github.com/siyuan-note/siyuan/kernel

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20260407035653-2f416e5253f1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-7m5h-w69j-qggg/GHSA-7m5h-w69j-qggg.json"