9 matches found
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
CVE-2024-24576
CVE-2024-24576 affects Rust’s standard library on Windows where Command::arg/args escaping for batch files was not thorough enough. This could allow arbitrary shell commands when untrusted input is passed to batch file invocations via cmd.exe, enabling LPE/RCE scenarios as described in PoC and pu...
GHSA-7PWQ-F4PQ-78GM `rustdecimal` is a malicious crate
The Rust Security Response WG and the crates.io team were notified1 on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rustdecimal2 crate, hoping that potential victims would misspell its...
malicious crate `rustdecimal`
The Rust Security Response WG and the crates.io team were notified1 on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rustdecimal2 crate, hoping that potential victims would misspell its...
Race condition
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...
Compilers permit Unicode control and homoglyph characters
Overview Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...
XSS in mdBook
This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...
RUSTSEC-2021-0001 XSS in mdBook's search page
This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...