Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GHSA-qfjh-mvq6-c5p8] Jan path traversal vulnerability #4606

Merged
merged 1 commit into from
Jul 17, 2024
Merged

[GHSA-qfjh-mvq6-c5p8] Jan path traversal vulnerability #4606

merged 1 commit into from
Jul 17, 2024

Conversation

Van-QA
Copy link

@Van-QA Van-QA commented Jul 15, 2024
edited
Loading

Updates

  • Resolved product: Jan v0.5.2

Comments
Jan resolved the issue in Jan v0.5.2, and depre‌‌cated the @janhq/core pac‌‌kage. Could you kindly double-check if the problem still exists?

@github-actions github-actions bot changed the base branch from main to Van-QA/advisory-improvement-4606 July 15, 2024 09:11
@Van-QA Van-QA mentioned this pull request Jul 15, 2024
Closed
@CallmeMari
Copy link

Hi @Van-QA, do you have any reference links to support this claim?

@Van-QA
Copy link
Author

Van-QA commented Jul 16, 2024

Hi @Van-QA, do you have any reference links to support this claim?

hi @CallmeMari, from the npm, you will no longer be able to find the @janhq/core package as Jan deprecated it.

For Jan 0.5.2, can you advise on how to collect the evidence that Jan resolved the issue?

Here is the PR of the fix from the dev team: janhq/jan#3152

Thank you,
Van

@advisory-database advisory-database bot merged commit b4bc8a2 into Van-QA/advisory-improvement-4606 Jul 17, 2024
3 checks passed
@advisory-database
Copy link
Contributor

Hi @Van-QA! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

@advisory-database advisory-database bot deleted the Van-QA-GHSA-qfjh-mvq6-c5p8 branch July 17, 2024 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Van-QA @CallmeMari