CVE-2024-36858
Published 2024-06-04
Priority P1 · 80 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.06% (86.0th percentile)
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| homebrew | jan | — | — |
| janhq | core | 0 – 0.1.11 | — |
Detection & IOCs
- Flag requests that carry a file:/ URI with path traversal in the body payload and target the affected endpoints, as used in the appendFileSync and readFileSync exploitation steps.
- Use FOFA icon hash -165268926 to identify exposed Jan v0.4.12 instances on the internet for asset discovery and attack surface monitoring.
- Confirm exploitation by checking whether the response body of a readFileSync request contains the attacker-supplied string written in a prior writeFileSync/appendFileSync request (write-then-read verification pattern).
- The exploit chain requires no authentication (PR:N) and uses Content-Type: text/plain;charset=UTF-8 for all three POST requests; alert on this content type hitting the writeFileSync/appendFileSync/readFileSync paths.
- The vulnerability is specific to Jan version 0.4.12; the affected CPE is cpe:2.3:a:homebrew:jan:0.4.12. Detections should be scoped to this version.
- The exploit is classified as intrusive/active (nuclei tag: intrusive), so detection rules that fire on these endpoints may also be triggered by legitimate security scanners running the PoC template.
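The request-side indicators listed above can be combined into one triage score over parsed proxy or WAF records. This is an added example, not code from any of the indexed sources; the record field names, score weights, threshold and sample records are assumptions, and because only writeFileSync appears on this page with its /v1/app/ prefix, the matcher keys on the last path segment.

```python
import re
from urllib.parse import unquote

# Endpoint names are from the page. Only writeFileSync is given with its
# /v1/app/ prefix, so match on the last path segment (assumption).
FS_ENDPOINT = re.compile(r"/(writeFileSync|appendFileSync|readFileSync)/?$")
FILE_URI = re.compile(r"file:/", re.IGNORECASE)
TRAVERSAL = re.compile(r"\.\.[/\\]")

def score_request(req):
    """Return (score, reasons) for one parsed HTTP request record."""
    m = FS_ENDPOINT.search(req.get("path", "").split("?", 1)[0])
    if req.get("method", "").upper() != "POST" or not m:
        return 0, []
    score, reasons = 1, [f"POST to {m.group(1)}"]
    # Decode twice so %2e%2e and %252e%252e are normalised before matching.
    body = unquote(unquote(req.get("body", "")))
    if FILE_URI.search(body):
        score, reasons = score + 2, reasons + ["file:/ URI in body"]
        if TRAVERSAL.search(body):
            score, reasons = score + 3, reasons + ["traversal sequence in body"]
    ctype = req.get("content_type", "").replace(" ", "").lower()
    if ctype == "text/plain;charset=utf-8":
        score, reasons = score + 1, reasons + ["text/plain;charset=UTF-8"]
    return score, reasons

def triage(requests, threshold=4):
    """Return [(src, score, reasons)] for records scoring >= threshold."""
    hits = []
    for req in requests:
        score, reasons = score_request(req)
        if score >= threshold:
            hits.append((req.get("src", "?"), score, reasons))
    return hits

# Constructed records, not captured traffic; the field names and body shapes
# are assumptions about how a proxy or WAF log has been parsed.
SAMPLE = [
    {"src": "203.0.113.7", "method": "POST", "path": "/v1/app/writeFileSync",
     "content_type": "text/plain;charset=UTF-8",
     "body": "file:/../../constructed/outside.txt"},
    {"src": "198.51.100.9", "method": "POST", "path": "/v1/app/readFileSync",
     "content_type": "application/json", "body": "file:/%2e%2e/%2e%2e/constructed"},
    {"src": "192.0.2.4", "method": "POST", "path": "/v1/app/writeFileSync",
     "content_type": "application/json", "body": "file://notes/today.md"},
    {"src": "192.0.2.5", "method": "GET", "path": "/healthz",
     "content_type": "", "body": ""},
]
```

`triage(SAMPLE)` returns the first two records; the third stays below the threshold because its body has a file URI but no traversal sequence.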
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vulncheck · 9.8 CRITICAL
OSV
Jan path traversal vulnerability
osv·2024-06-04
CVE-2024-36858 [CRITICAL] Jan path traversal vulnerability
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. @janhq/core has been deprecated in favor of janhq/jan; this vulnerability has been patched there in v0.5.2.
GHSA
Jan path traversal vulnerability
ghsa·2024-06-04
CVE-2024-36858 [CRITICAL] CWE-434 Jan path traversal vulnerability
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. @janhq/core has been deprecated in favor of janhq/jan; this vulnerability has been patched there in v0.5.2.
VulnCheck
homebrew jan Unrestricted Upload of File with Dangerous Type
vulncheck·2024·CVSS 9.8
CVE-2024-36858 [CRITICAL] homebrew jan Unrestricted Upload of File with Dangerous Type
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
Affected: homebrew jan
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-15&host_type=src&vulnerability=cve-2024-36858; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-22&host_type=src&vulnerability=cve-2024-36858; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-23&host_type=
No detection rules found.
Nuclei
Jan v0.4.12 - Arbitrary File Upload
nuclei·CVSS 9.8
CVE-2024-36858 [CRITICAL] Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
Template:

```yaml
id: CVE-2024-36858

info:
  name: Jan v0.4.12 - Arbitrary File Upload
  author: pussycat0x
  severity: critical
  description: |
    An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
  impact: |
    Unauthenticated attackers can upload crafted files to execute arbitrary code on the server.
  remediation: |
    Update Jan to a version later than v0.4.12 that patches the arbitrary file upload vulnerability.
  reference:
    - https://github.com/HackAllSec/CVEs/blob/main/Jan%20AFR%20vulnerability/
```
No writeups or analysis indexed.
2024-06-04: Published
Exploited in the wild