CVE-2022-41874 – Tauri Filesystem Scope can be Partially Bypassed
https://notcve.org/view.php?id=CVE-2022-41874
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and subfolders of already allowed paths. The impact differs on Windows, macOS and Linux due to different specifications of valid path characters.
• https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh
• CWE-668: Exposure of Resource to Wrong Sphere
• CWE-706: Use of Incorrectly-Resolved Name or Reference

CVE-2022-39215 – The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
https://notcve.org/view.php?id=CVE-2022-39215
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6, and the implementation now properly checks if the requested (sub)directory is a symbolic link outside of the defined `scope`.
• https://github.com/tauri-apps/tauri/issues/4882
• https://github.com/tauri-apps/tauri/pull/5123
• https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678
• https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-59: Improper Link Resolution Before File Access ('Link Following')