Lucene search
PRIOn knowledge basePRION:CVE-2022-39215HistorySep 15, 2022 - 10:15 p.m.
Design/Logic Flaw
2022-09-1522:15:00
PRIOn knowledge base
www.prio-n.com
4
tauri
framework
vulnerability
version 1.0.6
upgrade
readdir endpoint
allowlist
tauri.conf.json
0.001 Low
EPSS
Percentile
42.3%
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined scope. Users are advised to upgrade. Users unable to upgrade should disable the readDir endpoint in the allowlist inside the tauri.conf.json.
Related
cve
cve
CVE-2022-39215
2022-09-15 22:15:11
nvd
nvd
CVE-2022-39215
2022-09-15 22:15:11
osv
osv
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
2022-09-16 19:28:49
CVE-2022-39215
2022-09-15 22:15:11
rustsec
rustsec
cvelist
cvelist
github
github
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
2022-09-16 19:28:49