4 matches found
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...
CVE-2024-36858
creationtimestamp| type| source ---|---|--- 2025-06-16 21:02:25+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lrquv7dmcn2i 2026-02-16 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2026-02-16 2026-06-19 12:45:39+00:00| exploited|...
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-36858
Summary: CVE-2024-36858 affects Jan v0.4.12 via the /v1/app/writeFileSync endpoint, where an arbitrary file upload vulnerability allows an attacker to execute arbitrary code. The root cause is an insecure file upload interface that does not sufficiently validate uploaded content. The impact is de...