5 matches found
tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)
tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:GHSA-28M8-9J7V-X499...
CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...
CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...
CVE-2022-39215
CVE-2022-39215 (Tauri) : The vulnerability stems from missing canonicalization in Tauri’s readDir when called recursively, allowing directory listings to be shown outside the defined fs scope if a crafted symbolic link/junction exists within an allowed path. The issue does not mention leaking arb...
tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)
tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:RUSTSEC-2022-0088...