5 matches found
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. id: CVE-2024-36857 info: name: Jan v0.4.12 'readFileSync' - Path Traversal author: Yusuf Amr severity: high description: | Jan v0.4.12 was discovered to contain an arbitrary file rea...
CVE-2024-36857
creationtimestamp| type| source ---|---|--- 2025-02-02 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-02 2025-02-08 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-08 2025-02-14 00:00:00+00:00| seen| The Shadowserver...
CVE-2024-36857
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface...
CVE-2024-36857
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface...
CVE-2024-36857
CVE-2024-36857 affects Jan v0.4.12, which contains an arbitrary file read vulnerability exposed through the /v1/app/readFileSync interface. The connected template details a path traversal flaw that allows unauthenticated attackers to read arbitrary files on the system, via a vulnerable readFileSy...