Описание
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir
is called recursively, it was possible to display directory listings outside of the defined fs
scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs
scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined scope
. Users are advised to upgrade. Users unable to upgrade should disable the readDir
endpoint in the allowlist
inside the tauri.conf.json
.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- MitigationPatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- MitigationPatchThird Party Advisory
Уязвимые конфигурации
EPSS
8.3 High
CVSS3
5.8 Medium
CVSS3
Дефекты
Связанные уязвимости
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
EPSS
8.3 High
CVSS3
5.8 Medium
CVSS3