CVE-2024-36858

Name of the Vulnerable Software and Affected Versions Jan version 0.4.12

Description An arbitrary file upload vulnerability in the "/v1/app/writeFileSync" interface allows attackers to execute arbitrary code via uploading a crafted file. The writeFileSync interface is vulnerable, and attackers can exploit this by uploading a malicious file.

Recommendations For Jan version 0.4.12, consider upgrading to version 0.5.2 or later, where this vulnerability has been patched. As a temporary workaround, consider restricting access to the "/v1/app/writeFileSync" interface to minimize the risk of exploitation.