The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.

  • taladar
    link
    fedilink
    English
    arrow-up
    24
    ·
    8 months ago

    Interesting how this has been widely reported as a Rust issue but the fact that other languages have no patches yet or do not even plan to patch it has seen little attention.

    • CancerMancer
      link
      fedilink
      English
      arrow-up
      15
      ·
      8 months ago

      Seems like a Windows issue, not a Rust one. Odd choice to assign it to Rust.

      • taladar
        link
        fedilink
        English
        arrow-up
        11
        ·
        8 months ago

        Yeah, seems very much like “Rust fails to implement elaborate enough workaround for a stupid design choice in Windows”.

      • taladar
        link
        fedilink
        English
        arrow-up
        9
        ·
        8 months ago

        But nothing is so secure that it automatically fixes all design flaws in everything it interacts with.

        • whereisk@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          8 months ago

          Absolutely. I merely suggested a contributing factor to answer why media coverage seems so focused on Rust.