Janhq Core vulnerabilities
3 known vulnerabilities affecting janhq/core.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-36858P1CRITICALExploitedPoC≥ 0, ≤ 0.1.112024-06-04
CVE-2024-36858 [CRITICAL] CWE-434 Jan path traversal vulnerability
Jan path traversal vulnerability
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. @janhq/core has been deprecated in favor of janhq/jan, this vulnerability has been patched there in v0.5.2.
ghsaosv
CVE-2024-36857P2HIGHExploitedPoC≥ 0, ≤ 0.1.112024-06-04
CVE-2024-36857 [HIGH] CWE-22 Jan path traversal vulnerability
Jan path traversal vulnerability
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
ghsaosv
CVE-2024-37273P3CRITICAL≥ 0, ≤ 0.1.112024-06-04
CVE-2024-37273 [CRITICAL] CWE-22 Jan path traversal vulnerability
Jan path traversal vulnerability
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
ghsaosv