9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.2%
Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. $HOME/*
), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the fs
endpoint are affected. The regression has been patched on version 1.4.1.
CPE | Name | Operator | Version |
---|---|---|---|
tauri:tauri | tauri | eq | 1.4.0 |
[
{
"vendor": "tauri-apps",
"product": "tauri",
"versions": [
{
"version": "= 1.4.0",
"status": "affected"
}
]
}
]
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.2%