OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-05 11:10:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory Tauri filesystem scope bypass (#1571)

Browse Source 
* Add advisory Tauri filesystem scope bypass

* Fix version ranges

---------

Co-authored-by: sidunder <sidunder@users.noreply.github.com>
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
This commit is contained in:
sidunder
2023-02-25 10:31:37 -04:00
committed by GitHub
parent 6e74bc0d18
commit eadc6fea9e
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
crates/tauri/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "tauri"
date = "2022-09-19"
url = "https://github.com/tauri-apps/tauri/issues/5234"
categories = ["privilege-escalation"]
aliases = ["CVE-2022-41874", "GHSA-q9wv-22m9-vhqh"]
cvss = "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N"
[versions]
patched = [">= 1.0.7, < 1.1.0", ">= 1.1.2"]
unaffected = ["< 1.0.0"]
```
# `tauri` filesystem scope partial bypass
A bug identified in [this](https://github.com/tauri-apps/tauri/issues/5234) issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities.
[This](https://github.com/tauri-apps/tauri/pull/5237) PR fixes the issue by escaping glob characters.