2 matches found
PT-2022-26147 · Unknown · Opensearch
Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.7 OpenSearch versions prior to 2.4.0 Description: An issue in OpenSearch allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of...
CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...