bug: Read and Write Arbitrary File to server

[NHPT]

Describe the bug Jan's API interface writeFileSync and appendFileSync does not filter parameters, resulting in an arbitrary file upload vulnerability. Jan's API interface readFileSync does not filter parameters, resulting in an arbitrary file read/download vulnerability.

Steps to reproduce

• Jan AFR/AFD vulnerability: https://blog.hackall.cn/cvesubmit/854.html https://github.com/HackAllSec/CVEs/blob/main/Jan%20AFR%20vulnerability/README.md
• Jan Arbitrary File Upload vulnerability: https://blog.hackall.cn/cvesubmit/855.html https://github.com/HackAllSec/CVEs/blob/main/Jan%20Arbitrary%20File%20Upload%20vulnerability/README.md

Expected behavior Read and Write Arbitrary File to server.

Screenshots

Environment details

• Operating System: [Docker]
• Jan Version: [0.4.12]
• Processor: [Intel]
• RAM: [e.g., 8GB, 16GB]
• Any additional relevant hardware specifics: [e.g., Graphics card, SSD/HDD]

Logs If the cause of the error is not clear, kindly provide your usage logs: https://jan.ai/docs/troubleshooting#how-to-get-error-logs

Additional context Add any other context or information that could be helpful in diagnosing the problem.

[louis-jan]

We are deprecating access to the FS module from the client.

[Van-QA]

Jan resolved the issue in Jan v0.5.2, and depre‌‌cated the @janhq/core pac‌‌kage. Could you kindly double-check if the problem still exists? https://github.com/github/advisory-database/pull/4606