Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-39215

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.6%
CVSS Severity
CVSS v3 Score 8.3
Products affected by CVE-2022-39215
  • Tauri » Tauri » Version: N/A
    cpe:2.3:a:tauri:tauri:-
  • Tauri » Tauri » Version: 0.10
    cpe:2.3:a:tauri:tauri:0.10
  • Tauri » Tauri » Version: 0.10.0
    cpe:2.3:a:tauri:tauri:0.10.0
  • Tauri » Tauri » Version: 0.11
    cpe:2.3:a:tauri:tauri:0.11
  • Tauri » Tauri » Version: 0.11.0
    cpe:2.3:a:tauri:tauri:0.11.0
  • Tauri » Tauri » Version: 0.11.1
    cpe:2.3:a:tauri:tauri:0.11.1
  • Tauri » Tauri » Version: 0.8
    cpe:2.3:a:tauri:tauri:0.8
  • Tauri » Tauri » Version: 0.8.0
    cpe:2.3:a:tauri:tauri:0.8.0
  • Tauri » Tauri » Version: 0.9
    cpe:2.3:a:tauri:tauri:0.9
  • Tauri » Tauri » Version: 0.9.0
    cpe:2.3:a:tauri:tauri:0.9.0
  • Tauri » Tauri » Version: 0.9.1
    cpe:2.3:a:tauri:tauri:0.9.1
  • Tauri » Tauri » Version: 0.9.2
    cpe:2.3:a:tauri:tauri:0.9.2
  • Tauri » Tauri » Version: 1
    cpe:2.3:a:tauri:tauri:1
  • Tauri » Tauri » Version: 1.0
    cpe:2.3:a:tauri:tauri:1.0
  • Tauri » Tauri » Version: 1.0.0
    cpe:2.3:a:tauri:tauri:1.0.0
  • Tauri » Tauri » Version: 1.0.1
    cpe:2.3:a:tauri:tauri:1.0.1
  • Tauri » Tauri » Version: 1.0.2
    cpe:2.3:a:tauri:tauri:1.0.2
  • Tauri » Tauri » Version: 1.0.3
    cpe:2.3:a:tauri:tauri:1.0.3
  • Tauri » Tauri » Version: 1.0.4
    cpe:2.3:a:tauri:tauri:1.0.4
  • Tauri » Tauri » Version: 1.0.5
    cpe:2.3:a:tauri:tauri:1.0.5


Products
Pricing
Contact Us

Shodan ® - All rights reserved