Describe the bug
Jan's API interfaces writeFileSync and appendFileSync do not filter parameters, resulting in an arbitrary file upload vulnerability.
Jan's API interface readFileSync does not filter parameters, resulting in an arbitrary file read/download vulnerability.
Steps to reproduce
https://blog.hackall.cn/cvesubmit/854.html
https://github.com/HackAllSec/CVEs/blob/main/Jan%20AFR%20vulnerability/README.md
https://blog.hackall.cn/cvesubmit/855.html
https://github.com/HackAllSec/CVEs/blob/main/Jan%20Arbitrary%20File%20Upload%20vulnerability/README.md
Expected behavior
Read and write arbitrary files on the server.
Screenshots
Environment details
Logs
If the cause of the error is not clear, kindly provide your usage logs: https://jan.ai/docs/troubleshooting#how-to-get-error-logs
Additional context
Add any other context or information that could be helpful in diagnosing the problem.
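Added example, not part of the original report and not Jan's code: one way to confine the path argument of fs-style API handlers (readFileSync, writeFileSync, appendFileSync) to a single data directory before the call reaches the filesystem. The helper name `resolveInside`, the `demo` function and the directory layout are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hypothetical helper: resolve `requested` under `baseDir`, throw if it escapes.
function resolveInside(baseDir, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) {
    throw new Error('invalid path argument');
  }
  const base = fs.realpathSync(baseDir);
  let existing = path.resolve(base, requested);
  // Walk up to the deepest existing ancestor (write targets may not exist yet),
  // canonicalise it so symlinks are followed, then re-append the missing tail.
  const tail = [];
  while (!fs.lstatSync(existing, { throwIfNoEntry: false })) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  const real = path.join(fs.realpathSync(existing), ...tail);
  // path.relative avoids the prefix bug where "/data-other" passes startsWith("/data").
  const rel = path.relative(base, real);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes data directory');
  }
  return real;
}

// Constructed demo: temp data folder, a prefix-sharing sibling, a symlink pointing out.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'fsguard-'));
  const data = path.join(root, 'data');
  fs.mkdirSync(data);
  fs.mkdirSync(path.join(root, 'data-other'));
  fs.writeFileSync(path.join(data, 'settings.json'), '{}');
  fs.symlinkSync(root, path.join(data, 'link'));
  const inputs = {
    existingFile: 'settings.json',
    newNestedFile: 'threads/new.json',
    dotDotSibling: '../data-other/x',
    absoluteOutside: path.join(root, 'outside.txt'),
    viaSymlink: 'link/data-other/x',
  };
  const results = {};
  for (const [label, p] of Object.entries(inputs)) {
    try { resolveInside(data, p); results[label] = 'allowed'; } catch { results[label] = 'rejected'; }
  }
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}
```

A handler would pass the returned canonical path, never the caller-supplied string, to the underlying fs call; a check-then-use gap remains if other processes can modify the data directory.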