npm package
@janhq/core
pkg:npm/%40janhq/core
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37273 | — | <= 0.1.11 | — | Jun 4, 2024 | An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-36858 | — | <= 0.1.11 | — | Jun 4, 2024 | An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-36857 | — | <= 0.1.11 | — | Jun 4, 2024 | Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. |
- CVE-2024-37273Jun 4, 2024affected <= 0.1.11
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2024-36858Jun 4, 2024affected <= 0.1.11
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2024-36857Jun 4, 2024affected <= 0.1.11
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.