jan
bug: Read and Write Arbitrary File to server
Describe the bug
Jan's API interfaces writeFileSync and appendFileSync do not filter parameters, resulting in an arbitrary file upload vulnerability.
Jan's API interface readFileSync does not filter parameters, resulting in an arbitrary file read/download vulnerability.
Steps to reproduce
- Jan AFR/AFD vulnerability: https://blog.hackall.cn/cvesubmit/854.html https://github.com/HackAllSec/CVEs/blob/main/Jan%20AFR%20vulnerability/README.md
- Jan Arbitrary File Upload vulnerability: https://blog.hackall.cn/cvesubmit/855.html https://github.com/HackAllSec/CVEs/blob/main/Jan%20Arbitrary%20File%20Upload%20vulnerability/README.md
Expected behavior
Read and Write Arbitrary File to server.
Screenshots
Environment details
- Operating System: [Docker]
- Jan Version: [0.4.12]
- Processor: [Intel]
- RAM: [e.g., 8GB, 16GB]
- Any additional relevant hardware specifics: [e.g., Graphics card, SSD/HDD]
Logs
If the cause of the error is not clear, kindly provide your usage logs: https://jan.ai/docs/troubleshooting#how-to-get-error-logs
Additional context
Add any other context or information that could be helpful in diagnosing the problem.