Critical Rust flaw enables Windows command injection attacks

09-Apr-24

A critical vulnerability in the Rust standard library, tracked as CVE-2024-24576, enables threat actors to execute command injection attacks on Windows systems. Unauthenticated attackers can exploit this flaw remotely without user interaction. Rust versions before 1.77.2 on Windows are affected, and the Rust security team has improved escaping code in the Command API to address the issue. Other programming languages, including Erlang, Go, Haskell, Node.js, PHP, Python, and Ruby, are also impacted to varying degrees. The White House has advocated for the adoption of memory-safe languages like Rust to enhance software security.
