Vulnerability Change Records for CVE-2024-35222
Change History
New CVE Received by NIST 5/23/2024 10:15:09 AM
Action |
Type |
Old Value |
New Value |
Added |
CVSS V3.1 |
|
GitHub, Inc. AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
|
Added |
CWE |
|
GitHub, Inc. CWE-284
|
Added |
Description |
|
Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid commands with potentially unwanted consequences ("delete project", "transfer credits", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19.
|
Added |
Reference |
|
GitHub, Inc. https://github.com/tauri-apps/tauri/issues/8316 [No types assigned]
|
Added |
Reference |
|
GitHub, Inc. https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7 [No types assigned]
|
|