An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
The vulnerability results from insufficient validation of uploaded files in the /v1/app/writeFileSync interface. An attacker can send a specially crafted file to this endpoint without needing any permissions. The uploaded file is saved on the server in a way that allows its subsequent execution, leading to arbitrary code execution in the context of the application.
An attacker can gain full control over the system running the Jan application — including stealing sensitive data, modifying system files, and permanently compromising the system's integrity and availability (RCE with full CIA triad: confidentiality, integrity, availability).
Apply patches available from the vendor according to references. Immediate update of Jan application above version 0.4.12 is recommended, and — until the update is applied — restrict network access to the application's API interface using firewall or network rules.
Jan version 0.4.12
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHomebrew Jan
APPHomebrew0.4.12