CVE-2024-35222 Information
May 25, 2024
Description
Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. Valid commands with potentially unwanted consequences ("delete project", "transfer credits", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19.
Reference
https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7
https://github.com/tauri-apps/tauri/issues/8316