The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.

  • @whereisk
    link
    English
    48 months ago

    I think it’s partly because Rust has been promoted as inherently secure.

    • @[email protected]
      link
      fedilink
      English
      98 months ago

      But nothing is so secure that it automatically fixes all design flaws in everything it interacts with.

      • @whereisk
        link
        English
        48 months ago

        Absolutely. I merely suggested a contributing factor to answer why media coverage seems so focused on Rust.