# RustSec advisory metadata for the tauri crate.
[advisory]
id = "RUSTSEC-2022-0088"
package = "tauri"
date = "2022-08-07"
# Upstream issue tracking the problem.
url = "https://github.com/tauri-apps/tauri/issues/4882"
# NOTE(review): the description and the confidentiality-only CVSS impact read as
# directory enumeration outside the configured scope; confirm whether
# "file-disclosure" fits better than, or alongside, this category.
categories = ["privilege-escalation"]
# The same issue under its CVE and GitHub Security Advisory identifiers.
aliases = ["CVE-2022-39215", "GHSA-28m8-9j7v-x499"]
# CVSS 3.1 vector: network attack vector, low attack complexity, no privileges
# and no user interaction required, scope changed, low confidentiality impact,
# no integrity or availability impact.
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
[versions]
# Releases that carry the fix. No `unaffected` range is listed, so every
# version below 1.0.6 is treated as affected.
patched = [">= 1.0.6"]
tauri's readDir endpoint allows possible enumeration outside of filesystem scope
It is possible for `readDir` to incorrectly enumerate files from a symlinked directory if it is called recursively with an empty string for the `dir` parameter, as outlined in the upstream issue (see the advisory `url`, https://github.com/tauri-apps/tauri/issues/4882).
This is corrected upstream by a PR that checks whether a directory is a symlink before reading from it; per the `patched` field above, the fix is available in tauri 1.0.6 and later.