Impact
Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked.
Patches
The issue has been resolved in tauri-apps/tauri#5123 and the implementation now properly checks if the
requested (sub) directory is a symbolic link outside of the defined scope.
Workarounds
Disable the readDir endpoint in the allowlist inside the tauri.conf.json.
For more information
This issue was initially reported by martin-ocasek in #4882.
If you have any questions or comments about this advisory:
References
martin-ocasek Analyst
Impact
Due to missing canonicalization when
readDiris called recursively, it was possible to display directory listings outside of the definedfsscope. This required a crafted symbolic link or junction folder inside an allowed path of thefsscope. No arbitrary file content could be leaked.Patches
The issue has been resolved in tauri-apps/tauri#5123 and the implementation now properly checks if the
requested (sub) directory is a symbolic link outside of the defined
scope.Workarounds
Disable the
readDirendpoint in theallowlistinside thetauri.conf.json.For more information
This issue was initially reported by martin-ocasek in #4882.
If you have any questions or comments about this advisory:
References