151 matches found
GHSA-6MV3-WM7J-H4W5 Tauri Filesystem Scope Glob Pattern is too Permissive
Impact The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...
PT-2022-27785 · Tauri · Tauri
Name of the Vulnerable Software and Affected Versions: Tauri versions prior to the latest release Tauri versions 1.x prior to the backported patch Description: The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes su...
CVE-2022-41874
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
Design/Logic Flaw
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
CVE-2022-41874
CVE-2022-41874 affects Tauri up to versions prior to 1.0.7 and 1.1.2, where incorrect escaping in file dialog and drag-and-drop paths can partially bypass the fs scope definition. The bypass is limited to neighboring files/subfolders of already allowed paths and depends on the user selecting a pr...
CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
Tauri 安全漏洞
Tauri is Tauri open source to build smaller, faster and more secure desktop applications using a Web front end. Tauri versions prior to 1.0.7 and 1.1.2 have a security vulnerability , the vulnerability stems from its file dialog box and drag-and-drop functionality to select the path of special...
CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
GHSA-Q9WV-22M9-VHQH Tauri Filesystem Scope can be Partially Bypassed
Impact Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issue was limited to neighboring files and sub...
Tauri Filesystem Scope can be Partially Bypassed
Impact Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issue was limited to neighboring files and sub...
`tauri` filesystem scope partial bypass
A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...
RUSTSEC-2022-0091 `tauri` filesystem scope partial bypass
A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...
PT-2022-26107 · Tauri · Tauri
Name of the Vulnerable Software and Affected Versions: Tauri versions prior to 1.0.7 Tauri versions prior to 1.1.2 Description: The issue is related to an Incorrectly-Resolved Name, where incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionalit...
tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)
tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:GHSA-28M8-9J7V-X499...
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Impact Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked...
GHSA-28M8-9J7V-X499 Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Impact Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked...
CVE-2022-39215
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...
Design/Logic Flaw
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...
CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...