What is CVE-2022-39215?

CVE-2022-39215 is a high-severity vulnerability in Tauri-apps Tauri, classified under Path Traversal. CVSS score: 8.3/10. Published 2022-09-15.

How severe is CVE-2022-39215?

High severity. CVSS v3 base score is 8.3 out of 10.

Is CVE-2022-39215 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Tauri-apps Tauri

CVE-2022-39215

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This require…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.005 (64.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L.

Affected products

Tauri-apps Tauri — versions < 1.0.6

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

karimhabush/cyberowl

References

github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499 (x_refsource_CONFIRM)
github.com/tauri-apps/tauri/issues/4882 (x_refsource_MISC)
github.com/tauri-apps/tauri/pull/5123 (x_refsource_MISC)
github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb3… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-39215?: CVE-2022-39215 is a high-severity vulnerability in Tauri-apps Tauri, classified under Path Traversal. CVSS score: 8.3/10. Published 2022-09-15.
How severe is CVE-2022-39215?: High severity. CVSS v3 base score is 8.3 out of 10.
Is CVE-2022-39215 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.