PT-2023-5599 · Tauri · Tauri

Chip-Crabnebula · Published 2023-06-21 · Updated 2023-07-05 · CVE-2023-34460

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tauri version 1.4.0

Description

The issue is a regression in the Filesystem scope check for dotfiles on Unix systems, introduced in the 1.4.0 release. The regression affects Tauri applications that use wildcard scopes in the fs endpoint: such scopes implicitly allow access to dotfiles. A remote attacker can exploit the problem to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Tauri version 1.4.0, update to version 1.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the fs endpoint until the update is applied.
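
The effect described above can be checked against a scope list with a small model of wildcard matching. This is an added example, not Tauri's code: the matcher is a simplified stand-in (only `*` and `?`), the `literal_leading_dot` parameter name is hypothetical, and the scope and paths are constructed sample data.

```python
import re

def glob_to_regex(pattern, literal_leading_dot):
    """Translate a path glob ('*' and '?' only) to a regex, one segment at a time."""
    segments = []
    for seg in pattern.split("/"):
        out = ""
        for i, ch in enumerate(seg):
            if ch in "*?":
                # Strict mode: a wildcard that starts a segment must not match '.',
                # so dotfiles need an explicit pattern to be in scope.
                guard = r"(?!\.)" if (literal_leading_dot and i == 0) else ""
                out += guard + ("[^/]*" if ch == "*" else "[^/]")
            else:
                out += re.escape(ch)
        segments.append(out)
    return re.compile("/".join(segments) + r"\Z")

def in_scope(path, scope, literal_leading_dot):
    """True if any scope pattern matches the whole path."""
    return any(glob_to_regex(p, literal_leading_dot).match(path) for p in scope)

def implicitly_exposed(scope, paths):
    """Paths reachable only because a wildcard was allowed to match a leading dot."""
    return [p for p in paths
            if in_scope(p, scope, False) and not in_scope(p, scope, True)]

# Constructed sample scope and candidate paths (not taken from any real application).
SCOPE = ["/home/alice/*", "/home/alice/*/*"]
PATHS = [
    "/home/alice/notes.txt",
    "/home/alice/.bashrc",
    "/home/alice/.ssh/id_ed25519",
    "/home/alice/docs/.env",
    "/etc/passwd",
]

if __name__ == "__main__":
    for path in implicitly_exposed(SCOPE, PATHS):
        print("dotfile implicitly in scope:", path)
```

Any path the function returns is one that a wildcard scope covers only when dotfiles are matched implicitly, which is the set worth reviewing while an application is still on the affected release.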

Exploit

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2023-06254
CVE-2023-34460
GHSA-WMFF-GRCW-JCFM

Affected Products

Tauri