






























The Rust team has published a new point release of Rust, 1.77.2. Rust is a programming language that is empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, getting Rust 1.77.2 is as easy as:
rustup update stable
If you don't have it already, you can get rustup from the
appropriate page on our website.
This release includes a fix for CVE-2024-24576.
Before this release, the Rust standard library did not properly escape
arguments when invoking batch files (with the bat and cmd extensions) on
Windows using the Command API. An attacker able to control the arguments
passed to the spawned process could execute arbitrary shell commands by
bypassing the escaping.
This vulnerability is CRITICAL if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected.
You can learn more about the vulnerability in the dedicated advisory.
Many people came together to create Rust 1.77.2. We couldn't have done it without all of you. Thanks!
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。