The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.

  • taladar@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    24
    ·
    7 months ago

    Interesting how this has been widely reported as a Rust issue but the fact that other languages have no patches yet or do not even plan to patch it has seen little attention.