Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
id: CVE-2024-36858
info:
  name: Jan v0.4.12 - Arbitrary File Upload
  author: pussycat0x
  severity: critical
  description: |
    An arbitrar...
PT-2025-20578
Name of the Vulnerable Software and Affected Versions: Jan versions 0.5.14 and earlier Description: The software is susceptible to remote code execution (RCE) when a user clicks on a link displayed within a conversation. This occurs because the application opens external websites and exposes the...
VulnCheck KEV: CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
Jan path traversal vulnerability
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. @janhq/core has been deprecated in favor of janhq/jan; this vulnerability has been patched there in v0.5.2...
GHSA-5JQC-QJ57-4HRC Jan path traversal vulnerability
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface...
PT-2024-27183 · Jan · Jan
Name of the Vulnerable Software and Affected Versions: Jan version 0.4.12 Description: An arbitrary file upload vulnerability in the "/v1/app/writeFileSync" interface allows attackers to execute arbitrary code via uploading a crafted file. The writeFileSync interface is vulnerable, and attackers...