Vulnerabilities (CVE)

Filtered by vendor Homebrew Subscribe
Filtered by product Jan
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37273 1 Homebrew 1 Jan 2024-11-21 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-36858 1 Homebrew 1 Jan 2024-11-21 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-36857 1 Homebrew 1 Jan 2024-11-21 N/A 7.5 HIGH
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.