CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-36858

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.668

EPSS Ranking 98.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability
https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability

Products affected by CVE-2024-36858

Homebrew » Jan » Version: 0.4.12

cpe:2.3:a:homebrew:jan:0.4.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36858

Products

Pricing

Contact Us