The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.

  • CancerMancer
    link
    fedilink
    English
    arrow-up
    15
    ·
    8 months ago

    Seems like a Windows issue, not a Rust one. Odd choice to assign it to Rust.

    • taladar
      link
      fedilink
      English
      arrow-up
      11
      ·
      8 months ago

      Yeah, seems very much like “Rust fails to implement elaborate enough workaround for a stupid design choice in Windows”.