HackAllSec - Security Researcher - Exploit Intelligence Platform

CVE-2024-36857 WRITEUP HIGH WORKING POC

Jan v0.4.12 - Info Disclosure

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.

CVSS 7.5

View Code

CVE-2024-36858 WRITEUP CRITICAL WORKING POC

Jan v0.4.12 - RCE

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 9.8

View Code

CVE-2024-37273 WRITEUP CRITICAL WORKING POC

Homebrew Jan - Code Injection

An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 9.8

View Code