{"id":"RUSTSEC-2022-0091","summary":"`tauri` filesystem scope partial bypass","details":"A bug identified in [this](https://github.com/tauri-apps/tauri/issues/5234) issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities.\n\n[This](https://github.com/tauri-apps/tauri/pull/5237) PR fixes the issue by escaping glob characters.","aliases":["CVE-2022-41874","GHSA-q9wv-22m9-vhqh"],"modified":"2023-11-08T04:10:33.403373Z","published":"2022-09-19T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/tauri"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0091.html"},{"type":"REPORT","url":"https://github.com/tauri-apps/tauri/issues/5234"}],"affected":[{"package":{"name":"tauri","ecosystem":"crates.io","purl":"pkg:cargo/tauri"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.0.0"},{"fixed":"1.0.7"},{"introduced":"1.1.0"},{"fixed":"1.1.2"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"os":[],"arch":[]}},"database_specific":{"informational":null,"categories":["privilege-escalation"],"cvss":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0091.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N"}]}