Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iFrames Bypass Origin Checks for Tauri API Access Control
Vulnerability Description
Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid commands with potentially unwanted consequences ("delete project", "transfer credits", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Tauri 安全漏洞
Vulnerability Description
Tauri是Tauri开源的一个使用 Web 前端构建更小、更快、更安全的桌面应用程序。 Tauri存在安全漏洞,该漏洞源于允许攻击者通过应用程序中的远程源iFrame访问Tauri IPC端点并执行delete project等命令。受影响的产品和版本:Tauri 1.6.6及之前版本,2.0.0-beta.0至2.0.0-beta.19版本。
CVSS Information
N/A
Vulnerability Type
N/A