
9 matches found

UbuntuCve
added 2024/04/09 6:15 p.m. | 36 views

CVE-2024-24576

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

CVSS 10 | AI score 7.4 | EPSS 0.20342
Exploits 10 | References 9

CVE
added 2024/04/09 5:28 p.m. | 186 views

CVE-2024-24576

CVE-2024-24576 affects Rust’s standard library on Windows where Command::arg/args escaping for batch files was not thorough enough. This could allow arbitrary shell commands when untrusted input is passed to batch file invocations via cmd.exe, enabling LPE/RCE scenarios as described in PoC and pu...

CVSS 10 | AI score 8.9 | EPSS 0.20342
Exploits 10 | References 13 | Affected Software 1

OSV
added 2022/08/11 3:43 p.m. | 13 views

GHSA-7PWQ-F4PQ-78GM `rustdecimal` is a malicious crate

The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate `rustdecimal`, which contained malware. The crate name was intentionally similar to the name of the popular `rust_decimal` crate, hoping that potential victims would misspell its...

AI score 7.1
Exploits 0 | References 4

RustSec
added 2022/05/10 12:0 p.m. | 13 views

malicious crate `rustdecimal`

The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate `rustdecimal`, which contained malware. The crate name was intentionally similar to the name of the popular `rust_decimal` crate, hoping that potential victims would misspell its...

AI score 0.5
Exploits 0

Prion
added 2022/01/20 6:15 p.m. | 25 views

Race condition

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...

CVSS 3.3 | AI score 6.2 | EPSS 0.01376
Exploits 1 | References 15 | Affected Software 7

Debian CVE
added 2022/01/20 12:0 a.m. | 27 views

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...

CVSS 7.3 | AI score 6.8 | EPSS 0.01376
Exploits 1

CERT
added 2021/11/09 12:0 a.m. | 80 views

Compilers permit Unicode control and homoglyph characters

Overview: Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report, leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...

CVSS 8.3 | AI score 8.5 | EPSS 0.12205
Exploits 5 | References 1

Github Security Blog
added 2021/08/25 8:56 p.m. | 26 views

XSS in mdBook

This is a cross-post of the official security advisory [ml]. The official post contains a signed version with our PGP key, as well. [ml]: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

CVSS 8.2 | AI score 6.2 | EPSS 0.01254
Exploits 0 | References 7 | Affected Software 1

OSV
added 2021/01/04 12:0 p.m. | 22 views

RUSTSEC-2021-0001 XSS in mdBook's search page

This is a cross-post of the official security advisory [ml]. The official post contains a signed version with our PGP key, as well. [ml]: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

CVSS 6.1 | AI score 6.7 | EPSS 0.01254
Exploits 0 | References 3