• @Giooschi
    link
    English
    28
    edit-2
    8 months ago

    Because Rust is not the only language that made this faulty assumption. It is an issue that affects Rust’s stdlib, just like it is an issue that affects Python’s stdlib and other libraries. In fact this was first reported as a vulnerability to yt-dlp (where it was actually exploitable) and then discovered it applied to many other libraries (where the exploitability is highly dependent on how the feature is used).

    Rust here is only used as clickbait because of its aim to be “safe”, but its position is no different from other languages.

    If you read the article from the researcher that discovered the vulnerability you’ll see they never call out Rust in particular, only as part of a list of languages that are affected. https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/