Lucene search
+L

151 matches found

OSV
OSV
added 2022/12/22 8:3 p.m.21 views

GHSA-6MV3-WM7J-H4W5 Tauri Filesystem Scope Glob Pattern is too Permissive

Impact The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...

6.8CVSS6.8AI score0.01006EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/12/22 12:0 a.m.13 views

PT-2022-27785 · Tauri · Tauri

Name of the Vulnerable Software and Affected Versions: Tauri versions prior to the latest release Tauri versions 1.x prior to the backported patch Description: The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes su...

7.7CVSS7.3AI score0.01006EPSS
Exploits1References11
NVD
NVD
added 2022/11/10 9:15 p.m.41 views

CVE-2022-41874

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...

4.7CVSS0.00421EPSS
Exploits0References1
Prion
Prion
added 2022/11/10 9:15 p.m.20 views

Design/Logic Flaw

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...

4.3CVSS4.8AI score0.00421EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/10 12:0 a.m.74 views

CVE-2022-41874

CVE-2022-41874 affects Tauri up to versions prior to 1.0.7 and 1.1.2, where incorrect escaping in file dialog and drag-and-drop paths can partially bypass the fs scope definition. The bypass is limited to neighboring files/subfolders of already allowed paths and depends on the user selecting a pr...

4.7CVSS4.3AI score0.00421EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/10 12:0 a.m.5 views

CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...

2.6CVSS4.7AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.6 views

Tauri 安全漏洞

Tauri is Tauri open source to build smaller, faster and more secure desktop applications using a Web front end. Tauri versions prior to 1.0.7 and 1.1.2 have a security vulnerability , the vulnerability stems from its file dialog box and drag-and-drop functionality to select the path of special...

4.7CVSS5.2AI score0.00421EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.46 views

CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...

2.6CVSS5AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2022/11/10 12:0 a.m.29 views

CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...

2.6CVSS5AI score0.00421EPSS
Exploits0References3
OSV
OSV
added 2022/11/08 5:33 p.m.17 views

GHSA-Q9WV-22M9-VHQH Tauri Filesystem Scope can be Partially Bypassed

Impact Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issue was limited to neighboring files and sub...

2.3CVSS4.3AI score0.00421EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/11/08 5:33 p.m.30 views

Tauri Filesystem Scope can be Partially Bypassed

Impact Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issue was limited to neighboring files and sub...

4.7CVSS5.3AI score0.00421EPSS
Exploits0References6Affected Software1
RustSec
RustSec
added 2022/09/19 12:0 p.m.22 views

`tauri` filesystem scope partial bypass

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...

4.7CVSS4.7AI score0.00421EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/09/19 12:0 p.m.56 views

RUSTSEC-2022-0091 `tauri` filesystem scope partial bypass

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...

2.3CVSS4.1AI score0.00421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.9 views

PT-2022-26107 · Tauri · Tauri

Name of the Vulnerable Software and Affected Versions: Tauri versions prior to 1.0.7 Tauri versions prior to 1.1.2 Description: The issue is related to an Incorrectly-Resolved Name, where incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionalit...

4.7CVSS4.3AI score0.00421EPSS
Exploits0References11
vulnersOsv
vulnersOsv
added 2022/09/16 7:28 p.m.7 views

tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)

tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:GHSA-28M8-9J7V-X499...

8.3CVSS6.2AI score0.00802EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/09/16 7:28 p.m.37 views

Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links

Impact Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked...

8.3CVSS5.6AI score0.00802EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2022/09/16 7:28 p.m.26 views

GHSA-28M8-9J7V-X499 Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links

Impact Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked...

5.8CVSS6.5AI score0.00802EPSS
Exploits1References9
NVD
NVD
added 2022/09/15 10:15 p.m.28 views

CVE-2022-39215

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...

8.3CVSS0.00802EPSS
Exploits1References4
Prion
Prion
added 2022/09/15 10:15 p.m.16 views

Design/Logic Flaw

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...

5CVSS5.6AI score0.00802EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/09/15 9:35 p.m.43 views

CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...

8.3CVSS8.4AI score0.00802EPSS
Exploits1References4
Rows per page
Query Builder