Lucene search
K

149 matches found

NVD
NVD
added 2023/05/09 2:15 p.m.18 views

CVE-2023-31134

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...

5.4CVSS5.3AI score0.00524EPSS
Exploits0References6
Prion
Prion
added 2023/05/09 2:15 p.m.17 views

Open redirect

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...

4.9CVSS5.5AI score0.00524EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/09 1:9 p.m.9 views

CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...

4.8CVSS5.5AI score0.00524EPSS
Exploits0References6
OSV
OSV
added 2023/05/09 1:9 p.m.14 views

CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...

4.8CVSS5.5AI score0.00524EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/05/09 1:9 p.m.21 views

CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...

4.8CVSS5.7AI score0.00524EPSS
Exploits0References6
CVE
CVE
added 2023/05/09 1:9 p.m.48 views

CVE-2023-31134

The CVE-2023-31134 issue affects Tauri builds where IPC isolation can be bypassed by redirecting an existing window to an external website. This vulnerability exists in specific pre-patch versions: 1.0.0–1.0.9, 1.1.0–1.1.4, and 1.2.0–1.2.5. The attack surface is the IPC layer, granting external s...

5.4CVSS5.2AI score0.00524EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.7 views

Tauri 输入验证错误漏洞

Tauri is a Tauri open source for building smaller, faster, and more secure desktop applications using a web front end. An input validation error vulnerability exists in Tauri versions 1.0.0 through 1.0.9, 1.1.0 through 1.1.4, and 1.2.0 through 1.2, which stems from the fact that isolation can be...

5.4CVSS5.7AI score0.00524EPSS
Exploits0References8
OSV
OSV
added 2023/05/03 9:57 p.m.141 views

GHSA-4WM2-CWCF-WWVP Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Impact The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...

4.8CVSS5.2AI score0.00524EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2023/05/03 9:57 p.m.109 views

Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Impact The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...

5.4CVSS6.4AI score0.00524EPSS
Exploits0References11Affected Software1
CNNVD
CNNVD
added 2022/12/24 12:0 a.m.1 views

Tauri 安全漏洞

Tauri is Tauri's open source for building smaller, faster, and more secure desktop applications using a web front end. Tauri version 2.2.1 and earlier versions of a security vulnerability , the vulnerability stems from the parse method does not restrict the name of the "proto" key parsing , which...

8.8CVSS6.7AI score0.09304EPSS
Exploits1References12
NVD
NVD
added 2022/12/23 2:15 p.m.37 views

CVE-2022-46171

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

7.7CVSS0.01006EPSS
Exploits1References3
Prion
Prion
added 2022/12/23 2:15 p.m.17 views

Path traversal

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

4CVSS7.5AI score0.01006EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/23 1:47 p.m.5 views

CVE-2022-46171 Tauri vulnerable to path traversal

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

6.8CVSS7.1AI score0.01006EPSS
Exploits1References3
CVE
CVE
added 2022/12/23 1:47 p.m.76 views

CVE-2022-46171

The CVE-2022-46171 entry concerns the Tauri framework, where filesystem glob pattern wildcards (*, ?, [...]) by default match file path literals and leading dots, unintentionally exposing subfolder contents within allowed paths. This is a path traversal risk tied to the fs scope behavior, particu...

7.7CVSS7AI score0.01006EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/12/23 1:47 p.m.42 views

CVE-2022-46171 Tauri vulnerable to path traversal

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

6.8CVSS7.8AI score0.01006EPSS
Exploits1References3
OSV
OSV
added 2022/12/23 1:47 p.m.28 views

CVE-2022-46171 Tauri vulnerable to path traversal

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

6.8CVSS7.3AI score0.01006EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.5 views

Tauri 路径遍历漏洞

Tauri is Tauri open source to build smaller, faster and more secure desktop applications using a web front end. Tauri has a path traversal vulnerability. Attackers use this vulnerability to obtain the contents of the path's sub-folder...

7.7CVSS7.3AI score0.01006EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/12/22 8:3 p.m.7 views

tauri-plugin-fs (>=2.0.0-alpha.0 <=2.0.0-alpha.2) potentially affected by CVE-2022-46171 via tauri (=2.0.0-alpha.15)

tauri CARGO version =2.0.0-alpha.15 is affected by a known vulnerability. The following packages have a transitive dependency on tauri and may be impacted: - tauri-plugin-fs =2.0.0-alpha.0, =2.0.0-alpha.2 Source cves: CVE-2022-46171 Source advisory: OSV:GHSA-6MV3-WM7J-H4W5...

7.7CVSS7.1AI score0.01006EPSS
Exploits1
OSV
OSV
added 2022/12/22 8:3 p.m.20 views

GHSA-6MV3-WM7J-H4W5 Tauri Filesystem Scope Glob Pattern is too Permissive

Impact The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...

6.8CVSS6.8AI score0.01006EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/12/22 12:0 a.m.9 views

PT-2022-27785 · Tauri · Tauri

Name of the Vulnerable Software and Affected Versions: Tauri versions prior to the latest release Tauri versions 1.x prior to the backported patch Description: The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes su...

7.7CVSS7.3AI score0.01006EPSS
Exploits1References11
Rows per page
Query Builder