Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39215

Sept. 15, 2022, 10:15 p.m. |

National Vulnerability Database nist.gov

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic …

cve

Chief Information Security Officer

@ Los Angeles Unified School District | Los Angeles

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Sr. Malware Researcher - Windows Software Engineer

@ SentinelOne | Brno, South Moravian, Czech Republic

Senior Cyber Security Incident Response Analyst

@ ServiceNow | Dublin, Ireland

Staff, Privacy Compliance Monitoring

@ Coupang | Seoul, South Korea

VULNERABILITY MANAGER

@ Security Bank | Makati, Makati, Philippines

Cyber Security Analyst

@ Avery Dennison | Bengaluru/Remote, India

Security Incident Response Manager (Remote, Americas)

@ Shopify | Dallas, TX, United States

Sr. Compliance Specialist (Screening)

@ Coupang | Seoul, South Korea