OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb02e7e60eec3b4ceeb3459970eb11e5a65726d8
advisory-db/crates/tauri/RUSTSEC-2022-0091.md
github-actions[bot] 81e6e5a8e1 Assigned RUSTSEC-2022-0091 to tauri (#1621) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-02-25 16:16:50 +01:00

718 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0091"
package = "tauri"
date = "2022-09-19"
url = "https://github.com/tauri-apps/tauri/issues/5234"
categories = ["privilege-escalation"]
aliases = ["CVE-2022-41874", "GHSA-q9wv-22m9-vhqh"]
cvss = "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N"

[versions]
patched = [">= 1.0.7, < 1.1.0", ">= 1.1.2"]
unaffected = ["< 1.0.0"]

tauri filesystem scope partial bypass

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities.

This PR fixes the issue by escaping glob characters.