Tauri · Tauri · CVE-2022-39215
**Name of the Vulnerable Software and Affected Versions**
Tauri versions prior to 1.0.6
**Description**
Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked.
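The following is an added example, not Tauri's code or its actual fix: a recursive directory listing run once without and once with a per-entry canonicalization check against the allowed scope. The `list` and `demo` functions and the temporary fixture are constructed for illustration; it assumes a Unix-like host and does no symlink-cycle detection.

```rust
use std::{env, fs, io, path::{Path, PathBuf}};

/// Recursively list `dir`. With `check_scope` set, each entry is canonicalized
/// (symlinks resolved) and skipped unless the real path is still under `scope`.
fn list(dir: &Path, scope: &Path, check_scope: bool, out: &mut Vec<PathBuf>) -> io::Result<()> {
    for entry in fs::read_dir(dir)? {
        let path = entry?.path();
        if check_scope {
            // starts_with compares whole path components, so "allowed2" never
            // matches "allowed". A dangling link fails canonicalize and is skipped.
            match fs::canonicalize(&path) {
                Ok(real) if real.starts_with(scope) => {}
                _ => continue,
            }
        }
        let is_dir = path.is_dir(); // follows symlinks, like a naive recursive walk
        out.push(path.clone());
        if is_dir {
            list(&path, scope, check_scope, out)?;
        }
    }
    Ok(())
}

/// Constructed fixture: <tmp>/allowed is the scope, <tmp>/outside is not,
/// and allowed/link is a symbolic link to outside (Unix-only API).
fn demo() -> io::Result<(Vec<PathBuf>, Vec<PathBuf>)> {
    let base = env::temp_dir().join(format!("scope-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    fs::create_dir_all(base.join("allowed/sub"))?;
    fs::create_dir_all(base.join("outside"))?;
    fs::write(base.join("outside/private.txt"), b"x")?;
    std::os::unix::fs::symlink(base.join("outside"), base.join("allowed/link"))?;
    let scope = fs::canonicalize(base.join("allowed"))?;
    let (mut naive, mut checked) = (Vec::new(), Vec::new());
    list(&scope, &scope, false, &mut naive)?;
    list(&scope, &scope, true, &mut checked)?;
    fs::remove_dir_all(&base)?;
    Ok((naive, checked))
}

fn main() -> io::Result<()> {
    let (naive, checked) = demo()?;
    println!("without canonicalization: {:#?}", naive);
    println!("with canonicalization: {:#?}", checked);
    Ok(())
}
```

Only file names appear in the unchecked listing, which matches the advisory's statement that directory listings, not file contents, were exposed.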
**Recommendations**
For versions prior to 1.0.6, upgrade to version 1.0.6 or later.
As a temporary workaround for users unable to upgrade, disable the `readDir` endpoint in the `allowlist` in `tauri.conf.json`.