HistoryEdit

RUSTSEC-2022-0091

tauri filesystem scope partial bypass

Reported
Issued
Package
tauri (crates.io)
Type
Vulnerability
Categories
Aliases
Details
https://github.com/tauri-apps/tauri/issues/5234
CVSS Score
2.3 LOW
CVSS Details
Attack vector
Local
Attack complexity
High
Privileges required
High
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Patched
  • >=1.0.7, <1.1.0
  • >=1.1.2
Unaffected
  • <1.0.0

Description

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities.

This PR fixes the issue by escaping glob characters.