The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri
Description
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined scope. Users are advised to upgrade. Users unable to upgrade should disable the readDir endpoint in the allowlist inside the tauri.conf.json.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tauricrates.io | < 1.0.6 | 1.0.6 |
Affected products
2- Range: < 1.0.6
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-28m8-9j7v-x499ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-39215ghsaADVISORY
- github.com/tauri-apps/tauri/commit/bb178829086e80916f9be190f02d83bc25802799ghsaWEB
- github.com/tauri-apps/tauri/issues/4882ghsax_refsource_MISCWEB
- github.com/tauri-apps/tauri/pull/5123ghsax_refsource_MISCWEB
- github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678ghsax_refsource_MISCWEB
- github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.6ghsaWEB
- github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499ghsax_refsource_CONFIRMWEB
- rustsec.org/advisories/RUSTSEC-2022-0088.htmlghsaWEB
News mentions
0No linked articles in our index yet.