The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.
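A caller-side guard for the situation described above, as an added example that is not part of the original post or of the Rust project's code: arguments bound for a batch file are checked against a strict allowlist before `Command` is used, so nothing cmd.exe treats specially is ever passed. The function names, the allowlist itself, the script name `process.bat` and the sample arguments are assumptions made for illustration.

```rust
use std::io::{Error, ErrorKind, Result};
use std::process::{Command, Output};

/// Allowlist check (an assumption of this example, deliberately strict):
/// only ASCII letters, digits, '_', '-' and '.' are accepted. Quotes, '%',
/// '&', '|', '<', '>', '^', spaces and anything else cmd.exe may interpret
/// are rejected rather than escaped.
pub fn is_safe_batch_arg(arg: &str) -> bool {
    !arg.is_empty()
        && arg.len() <= 128
        && arg
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'_' | b'-' | b'.'))
}

/// Index of the first argument that fails the allowlist, if any.
pub fn first_rejected(args: &[&str]) -> Option<usize> {
    args.iter().position(|a| !is_safe_batch_arg(a))
}

/// Runs a batch file only when every argument passes the allowlist.
/// Rejection happens before any process is spawned.
pub fn run_batch(script: &str, args: &[&str]) -> Result<Output> {
    if let Some(i) = first_rejected(args) {
        return Err(Error::new(
            ErrorKind::InvalidInput,
            format!("argument {} rejected by allowlist", i),
        ));
    }
    Command::new(script).args(args).output()
}

fn main() {
    // Constructed sample input: the second argument contains '&'.
    let args = ["report-2024.txt", "a&b"];
    match run_batch("process.bat", &args) {
        Ok(out) => println!("exit status: {}", out.status),
        Err(e) => println!("not executed: {}", e),
    }
}
```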
Interesting how this has been widely reported as a Rust issue but the fact that other languages have no patches yet or do not even plan to patch it has seen little attention.
Seems like a Windows issue, not a Rust one. Odd choice to assign it to Rust.
Yeah, seems very much like “Rust fails to implement elaborate enough workaround for a stupid design choice in Windows”.
I think it’s because it was first identified in Rust so news media ran with that.
I think it’s partly because Rust has been promoted as inherently secure.
But nothing is so secure that it automatically fixes all design flaws in everything it interacts with.
Absolutely. I merely suggested a contributing factor to answer why media coverage seems so focused on Rust.