CVE-2022-46171

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-46171

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46171.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-46171

Aliases

GHSA-6mv3-wm7j-h4w5

Published

2022-12-23T13:47:56.494Z

Modified

2025-11-28T05:04:06.043155Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

Tauri vulnerable to path traversal

Details

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards *, ?, and [...] match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As ** allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46171.json"
}

References

Affected packages

Git / github.com/tauri-apps/tauri

Affected ranges

Type

GIT

Repo

https://github.com/tauri-apps/tauri

Events

Introduced

13c2fc1ffe93163ec5ab0521fffe936e4f2b8077

Fixed

72389b00d7b495ffd7750eb1e75a3b8537d07cf3

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.0.8"
        }
    ]
}

Type

GIT

Repo

https://github.com/tauri-apps/tauri

Events

Introduced

3ceed62686b92b3ab0bcaa00446e107b8cb4646b

Fixed

72389b00d7b495ffd7750eb1e75a3b8537d07cf3

Database specific

{
    "versions": [
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "1.1.3"
        }
    ]
}

Type

GIT

Repo

https://github.com/tauri-apps/tauri

Events

Introduced

2e1bd04775c0f05f1c0b67605e6abec4465dbf84

Fixed

72389b00d7b495ffd7750eb1e75a3b8537d07cf3

Database specific

{
    "versions": [
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.3"
        }
    ]
}

Type

GIT

Repo

https://github.com/tauri-apps/tauri

Events

Introduced

dd65bc99b20f508f46db0b9c7dbb9c40623224e8

Fixed

7945e549b73ca104290d7568559635f2d53e0eed

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0-alpha.0"
        },
        {
            "fixed": "2.0.0-alpha.2"
        }
    ]
}

Affected versions

api-v1.*

api-v1.0

api-v1.0.0

api-v1.0.1

api-v1.0.2

api-v1.1

api-v1.1.0

api-v1.2.0

api-v2.*

api-v2.0.0-alpha.0

cli.*

cli.js-v1.0.0

cli.js-v1.0.1

cli.js-v1.0.2

cli.js-v1.0.3

cli.js-v1.0.4

cli.js-v1.0.5

cli.js-v1.1.0

cli.js-v1.1.1

cli.js-v1.2.0

cli.js-v1.2.1

cli.js-v1.2.2

cli.js-v2.0.0-alpha.0

cli.js-v2.0.0-alpha.1

cli.rs-v1.0

cli.rs-v1.0.0

cli.rs-v1.0.1

cli.rs-v1.0.2

cli.rs-v1.0.3

cli.rs-v1.0.4

cli.rs-v1.0.5

cli.rs-v1.1

cli.rs-v1.1.0

cli.rs-v1.1.1

cli.rs-v1.2.0

cli.rs-v1.2.1

cli.rs-v1.2.2

cli.rs-v2.0.0-alpha.0

cli.rs-v2.0.0-alpha.1

tauri-build-v1.*

tauri-build-v1.0

tauri-build-v1.0.0

tauri-build-v1.0.1

tauri-build-v1.0.2

tauri-build-v1.0.3

tauri-build-v1.0.4

tauri-build-v1.1

tauri-build-v1.1.0

tauri-build-v1.1.1

tauri-build-v1.2

tauri-build-v1.2.0

tauri-build-v1.2.1

tauri-build-v2.*

tauri-build-v2.0.0-alpha.0

tauri-bundler-v1.*

tauri-bundler-v1.0

tauri-bundler-v1.0.0

tauri-bundler-v1.0.1

tauri-bundler-v1.0.2

tauri-bundler-v1.0.3

tauri-bundler-v1.0.4

tauri-bundler-v1.0.5

tauri-bundler-v1.0.6

tauri-bundler-v1.0.7

tauri-bundler-v1.1

tauri-bundler-v1.1.0

tauri-bundler-v1.1.1

tauri-bundler-v1.1.2

tauri-bundler-v2.*

tauri-bundler-v2.0.0-alpha.0

tauri-codegen-v1.*

tauri-codegen-v1.0

tauri-codegen-v1.0.0

tauri-codegen-v1.0.1

tauri-codegen-v1.0.2

tauri-codegen-v1.0.3

tauri-codegen-v1.0.4

tauri-codegen-v1.1

tauri-codegen-v1.1.0

tauri-codegen-v1.1.1

tauri-codegen-v1.2

tauri-codegen-v1.2.0

tauri-codegen-v1.2.1

tauri-codegen-v2.*

tauri-codegen-v2.0.0-alpha.0

tauri-macros-v1.*

tauri-macros-v1.0

tauri-macros-v1.0.0

tauri-macros-v1.0.1

tauri-macros-v1.0.2

tauri-macros-v1.0.3

tauri-macros-v1.0.4

tauri-macros-v1.1

tauri-macros-v1.1.0

tauri-macros-v1.1.1

tauri-macros-v1.2

tauri-macros-v1.2.0

tauri-macros-v1.2.1

tauri-macros-v2.*

tauri-macros-v2.0.0-alpha.0

tauri-runtime-v0.*

tauri-runtime-v0.10.0

tauri-runtime-v0.10.1

tauri-runtime-v0.10.2

tauri-runtime-v0.11.0

tauri-runtime-v0.11.1

tauri-runtime-v0.12.0

tauri-runtime-v0.12.1

tauri-runtime-v0.13.0-alpha.0

tauri-runtime-v0.9

tauri-runtime-v0.9.0

tauri-runtime-wry-v0.*

tauri-runtime-wry-v0.10.0

tauri-runtime-wry-v0.10.1

tauri-runtime-wry-v0.10.2

tauri-runtime-wry-v0.11.0

tauri-runtime-wry-v0.11.1

tauri-runtime-wry-v0.12.0

tauri-runtime-wry-v0.12.1

tauri-runtime-wry-v0.12.2

tauri-runtime-wry-v0.13.0-alpha.0

tauri-runtime-wry-v0.9

tauri-runtime-wry-v0.9.0

tauri-utils-v1.*

tauri-utils-v1.0

tauri-utils-v1.0.0

tauri-utils-v1.0.1

tauri-utils-v1.0.2

tauri-utils-v1.0.3

tauri-utils-v1.1

tauri-utils-v1.1.0

tauri-utils-v1.1.1

tauri-utils-v1.2

tauri-utils-v1.2.0

tauri-utils-v1.2.1

tauri-utils-v2.*

tauri-utils-v2.0.0-alpha.0

tauri-v1.*

tauri-v1.0.0

tauri-v1.0.1

tauri-v1.0.2

tauri-v1.0.3

tauri-v1.0.4

tauri-v1.0.5

tauri-v1.0.7

tauri-v1.1.0

tauri-v1.1.1

tauri-v1.1.2

tauri-v1.2.0

tauri-v1.2.1

tauri-v1.2.2

tauri-v2.*

tauri-v2.0.0-alpha.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5