What is CVE-2022-41874?

CVE-2022-41874 is a low-severity vulnerability in Tauri-apps Tauri, classified under Exposure of Resource to Wrong Sphere. CVSS score: 2.6/10. Published 2022-11-10.

How severe is CVE-2022-41874?

Low severity. CVSS v3 base score is 2.6 out of 10.

Vulnerability in Tauri-apps Tauri

CVE-2022-41874

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via th…

EPSS: 0.002 (40.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.6 (Low). Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N.

Affected products

Tauri-apps Tauri — versions >= 1.0.0, <1.0.7, >= 1.1.0, <1.1.2

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere
CWE-706 — Use of Incorrectly-Resolved Name or Reference

References

github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh

Frequently asked questions

What is CVE-2022-41874?: CVE-2022-41874 is a low-severity vulnerability in Tauri-apps Tauri, classified under Exposure of Resource to Wrong Sphere. CVSS score: 2.6/10. Published 2022-11-10.
How severe is CVE-2022-41874?: Low severity. CVSS v3 base score is 2.6 out of 10.