CVE-2024-36858

CRITICAL EXPLOITED NUCLEI

Jan v0.4.12 - RCE

Title source: llm

Description

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.

Nuclei Templates (1)

Jan v0.4.12 - Arbitrary File Upload

CRITICALby pussycat0x

FOFA: icon_hash="-165268926"

References (1)

[Exploit, Third Party Advisory] https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.7359

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-08-15

CWE

CWE-434

Status published

Products (2)

homebrew/jan 0.4.12

janhq/core 0npm

Published Jun 04, 2024

Tracked Since Feb 18, 2026