jan icon indicating copy to clipboard operation
jan copied to clipboard

Published 20 hours ago verified publisher icon janhq

bug: Read and Write Arbitrary File to server

Open NHPT opened this issue 1 month ago • 1 comments

Describe the bug Jan's API interface writeFileSync and appendFileSync does not filter parameters, resulting in an arbitrary file upload vulnerability. Jan's API interface readFileSync does not filter parameters, resulting in an arbitrary file read/download vulnerability.

Steps to reproduce

  • Jan AFR/AFD vulnerability: https://blog.hackall.cn/cvesubmit/854.html https://github.com/HackAllSec/CVEs/blob/main/Jan%20AFR%20vulnerability/README.md
  • Jan Arbitrary File Upload vulnerability: https://blog.hackall.cn/cvesubmit/855.html https://github.com/HackAllSec/CVEs/blob/main/Jan%20Arbitrary%20File%20Upload%20vulnerability/README.md

Expected behavior Read and Write Arbitrary File to server.

Screenshots

Environment details

  • Operating System: [Docker]
  • Jan Version: [0.4.12]
  • Processor: [Intel]
  • RAM: [e.g., 8GB, 16GB]
  • Any additional relevant hardware specifics: [e.g., Graphics card, SSD/HDD]

Logs If the cause of the error is not clear, kindly provide your usage logs: https://jan.ai/docs/troubleshooting#how-to-get-error-logs

Additional context Add any other context or information that could be helpful in diagnosing the problem.

NHPT avatar May 06 '24 09:05 NHPT