5 matches found
CVE-2025-29509
Jan v0.5.14 and before is vulnerable to remote code execution RCE when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...
CVE-2025-29509
Jan v0.5.14 and before is vulnerable to remote code execution RCE when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...
CVE-2025-29509
CVE-2025-29509 affects Jan v0.5.14 and earlier. An RCE is possible when a user clicks a rendered link in a conversation, due to the app opening external websites and an exposed electronAPI, with unfiltered URLs in shell.openExternal(). The CVSS v3.1 base score is 8.8 (HIGH) with network attack ve...
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-37273
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...