149 matches found
CVE-2023-31134
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
Open redirect
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
CVE-2023-31134
The CVE-2023-31134 issue affects Tauri builds where IPC isolation can be bypassed by redirecting an existing window to an external website. This vulnerability exists in specific pre-patch versions: 1.0.0–1.0.9, 1.1.0–1.1.4, and 1.2.0–1.2.5. The attack surface is the IPC layer, granting external s...
Tauri 输入验证错误漏洞
Tauri is a Tauri open source for building smaller, faster, and more secure desktop applications using a web front end. An input validation error vulnerability exists in Tauri versions 1.0.0 through 1.0.9, 1.1.0 through 1.1.4, and 1.2.0 through 1.2, which stems from the fact that isolation can be...
GHSA-4WM2-CWCF-WWVP Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Impact The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Impact The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...
Tauri 安全漏洞
Tauri is Tauri's open source for building smaller, faster, and more secure desktop applications using a web front end. Tauri version 2.2.1 and earlier versions of a security vulnerability , the vulnerability stems from the parse method does not restrict the name of the "proto" key parsing , which...
CVE-2022-46171
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
Path traversal
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
CVE-2022-46171 Tauri vulnerable to path traversal
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
CVE-2022-46171
The CVE-2022-46171 entry concerns the Tauri framework, where filesystem glob pattern wildcards (*, ?, [...]) by default match file path literals and leading dots, unintentionally exposing subfolder contents within allowed paths. This is a path traversal risk tied to the fs scope behavior, particu...
CVE-2022-46171 Tauri vulnerable to path traversal
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
CVE-2022-46171 Tauri vulnerable to path traversal
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
Tauri 路径遍历漏洞
Tauri is Tauri open source to build smaller, faster and more secure desktop applications using a web front end. Tauri has a path traversal vulnerability. Attackers use this vulnerability to obtain the contents of the path's sub-folder...
tauri-plugin-fs (>=2.0.0-alpha.0 <=2.0.0-alpha.2) potentially affected by CVE-2022-46171 via tauri (=2.0.0-alpha.15)
tauri CARGO version =2.0.0-alpha.15 is affected by a known vulnerability. The following packages have a transitive dependency on tauri and may be impacted: - tauri-plugin-fs =2.0.0-alpha.0, =2.0.0-alpha.2 Source cves: CVE-2022-46171 Source advisory: OSV:GHSA-6MV3-WM7J-H4W5...
GHSA-6MV3-WM7J-H4W5 Tauri Filesystem Scope Glob Pattern is too Permissive
Impact The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...
PT-2022-27785 · Tauri · Tauri
Name of the Vulnerable Software and Affected Versions: Tauri versions prior to the latest release Tauri versions 1.x prior to the backported patch Description: The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes su...