CVE-2023-34460
Summary
| CVE | CVE-2023-34460 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-23 20:15:00 UTC |
| Updated | 2023-07-05 16:13:00 UTC |
| Description | Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. |
Risk And Classification
Problem Types: CWE-285
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Regression on Filesystem Scope Checks for Dotfiles on Linux and macOS · Advisory · tauri-apps/tauri · GitHub | MISC | github.com | |
| fix(core): fix `require_literal_leading_dot` flipped behavior by amrbashir · Pull Request #7227 · tauri-apps/tauri · GitHub | MISC | github.com | |
| feat(core): add option for `require_literal_leading_dot`, closes #6158 by amrbashir · Pull Request #6969 · tauri-apps/tauri · GitHub | MISC | github.com | |
| fix(core): fix `require_literal_leading_dot` flipped behavior (#7227) · tauri-apps/tauri@066c09a · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.