Tauri · Tauri · CVE-2022-41874
**Name of the Vulnerable Software and Affected Versions**
Tauri versions prior to 1.0.7
Tauri versions prior to 1.1.2
**Description**
The issue is an Incorrectly-Resolved Name: incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality allows a partial bypass of the `fs` scope definition. The bypass is limited to neighboring files and subfolders of already allowed paths. The impact varies across Windows, macOS, and Linux because each platform permits different characters in paths. A successful bypass requires a user to select a pre-existing malicious file or directory in the file picker dialog, and adversary-controlled logic to access these files.
**Recommendations**
For versions prior to 1.0.7, update to version 1.0.7 or later.
For versions prior to 1.1.2, update to version 1.1.2 or later.
As a temporary workaround, disable the `dialog` and `fileDropEnabled` components in `tauri.conf.json`.
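One way to check that the workaround is in place is the following added example (not code from the advisory or from Tauri), which audits a parsed `tauri.conf.json`. It assumes the Tauri v1 layout (`tauri.allowlist.all`, `tauri.allowlist.dialog` with `all`/`open`/`save`, and `tauri.windows[].fileDropEnabled`, which defaults to enabled); `auditTauriConfig` and both sample configs are constructed for illustration.

```javascript
// Added example: report settings that leave the dialog or file-drop paths enabled.
// Assumption: Tauri v1 config layout. Windows created at runtime from Rust code
// are not visible in tauri.conf.json and are not covered by this check.
function auditTauriConfig(conf) {
  const tauri = (conf && conf.tauri) || {};
  const allowlist = tauri.allowlist || {};
  const dialog = allowlist.dialog || {};
  const findings = [];

  // allowlist.all switches on every API module, including dialog.
  if (allowlist.all === true) {
    findings.push("tauri.allowlist.all is true, which enables the dialog API");
  }
  // The file and directory pickers are exposed by dialog.all, dialog.open and dialog.save.
  for (const key of ["all", "open", "save"]) {
    if (dialog[key] === true) {
      findings.push(`tauri.allowlist.dialog.${key} is true`);
    }
  }
  // fileDropEnabled defaults to true, so only an explicit false counts as disabled.
  (tauri.windows || []).forEach((win, i) => {
    if (win.fileDropEnabled !== false) {
      findings.push(`window ${win.label || "#" + i}: fileDropEnabled is not set to false`);
    }
  });
  return findings;
}

// Constructed sample: picker enabled and a window that relies on the file-drop default.
const SAMPLE_EXPOSED = {
  tauri: {
    allowlist: { dialog: { open: true }, fs: { scope: ["$APP/*"] } },
    windows: [{ label: "main", title: "Demo" }],
  },
};

// Constructed sample: the workaround applied.
const SAMPLE_WORKAROUND = {
  tauri: {
    allowlist: { all: false, dialog: { all: false, open: false, save: false } },
    windows: [{ label: "main", title: "Demo", fileDropEnabled: false }],
  },
};

for (const line of auditTauriConfig(SAMPLE_EXPOSED)) console.log("FINDING:", line);
console.log("workaround findings:", auditTauriConfig(SAMPLE_WORKAROUND).length);
```

An empty result means the workaround is in place for the windows declared in the config; upgrading to 1.0.7 or 1.1.2 remains the actual fix.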