RUSTSEC-2022-0091
tauri
filesystem scope partial bypass
- Reported
- Issued
- Package
- tauri (crates.io)
- Type
- Vulnerability
- Categories
- Aliases
- References
- CVSS Score
- 2.3 LOW
- CVSS Details
-
- Attack vector
- Local
- Attack complexity
- High
- Privileges required
- High
- User interaction
- Required
- Scope
- Changed
- Confidentiality
- Low
- Integrity
- None
- Availability
- None
- CVSS Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
- Patched
-
>=1.0.7, <1.1.0
>=1.1.2
- Unaffected
-
<1.0.0
Description
A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities.
This PR fixes the issue by escaping glob characters.
Advisory available under CC0-1.0 license.