151 matches found
CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...
CVE-2022-39215
CVE-2022-39215 (Tauri) : The vulnerability stems from missing canonicalization in Tauri’s readDir when called recursively, allowing directory listings to be shown outside the defined fs scope if a crafted symbolic link/junction exists within an allowed path. The issue does not mention leaking arb...
CVE-2022-39215 The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed...
Tauri 后置链接漏洞
Tauri is a Tauri open source for building smaller, faster, and more secure desktop applications using a web front end. Tauri versions prior to 1.0.6 have a backlink vulnerability that stems from a lack of normalization when calling readDir recursively, potentially displaying directory listings...
tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2022-39215 via tauri (>=0.10.0 <=0.9.2)
tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2022-39215 Source advisory: OSV:RUSTSEC-2022-0088...
`tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope
It is possible for readDir to incorrectly enumerate files from a symlinked directory if called recursively when specifying an empty string for the dir parameter as outlined in this issue. This is corrected in this PR by checking if a directory is a symlink before reading from it...
RUSTSEC-2022-0088 `tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope
It is possible for readDir to incorrectly enumerate files from a symlinked directory if called recursively when specifying an empty string for the dir parameter as outlined in this issue. This is corrected in this PR by checking if a directory is a symlink before reading from it...
PT-2022-24815 · Tauri · Tauri
Name of the Vulnerable Software and Affected Versions: Tauri versions prior to 1.0.6 Description: Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction...
tauri-art.com Cross Site Scripting vulnerability OBB-2646928
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Performance-testing the Google I/O site
I've been looking at the performance of F1 websites recently, but before I dig into the last couple of teams, I figured I'd look a little closer to home, and dig into the Google I/O website. 1. Part 1: Methodology & Alpha Tauri 2. Part 2: Alfa Romeo 3. Part 3: Red Bull 4. Part 4: Williams 5. Part...
Who has the fastest F1 website in 2021? Part 1
In 2019 I did a performance review of F1 websites, and it was fun so I figured I'd do it again, but bigger definitely and better I hope. Turns out a lot has changed in the past two years, and well, some things haven't changed. Not interested in F1? It shouldn't matter. This is just a performance...