CVE-2024-36857 PoC — Jan 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36857.yaml

Associated Vulnerability

Title:Jan 安全漏洞 (CVE-2024-36857)
Description:Jan是Jan开源的一个 ChatGPT 的开源替代品。 Jan v0.4.12 版本存在安全漏洞，该漏洞源于通过 /v1/app/readFileSync 接口可以进行任意文件读取。

Description

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.

File Snapshot


 id: CVE-2024-36857

info:
  name: Jan v0.4.12 'readFileSync' - Path Traversal
  author: Yusuf Amr
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.