Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2022/09/16 7:28 p.m.7 views

tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)

tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:GHSA-28M8-9J7V-X499...

8.3CVSS6.2AI score0.00802EPSS
Exploits1
Cvelist
Cvelist
added 2022/09/15 9:35 p.m.43 views

CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...

8.3CVSS8.4AI score0.00802EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/09/15 9:35 p.m.5 views

CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...

8.3CVSS8.4AI score0.00802EPSS
Exploits1References4
CVE
CVE
added 2022/09/15 9:35 p.m.72 views

CVE-2022-39215

CVE-2022-39215 (Tauri) : The vulnerability stems from missing canonicalization in Tauri’s readDir when called recursively, allowing directory listings to be shown outside the defined fs scope if a crafted symbolic link/junction exists within an allowed path. The issue does not mention leaking arb...

8.3CVSS6.7AI score0.00802EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/07 12:0 p.m.4 views

tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)

tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:RUSTSEC-2022-0088...

8.3CVSS6.2AI score0.00802EPSS
Exploits1
Rows per page
Query Builder