Screenshot of the part of the article mentioned in the opening post where other affected languages are mentioned.
https://M.Breloma.m0xEE.Net/media/4cf7a397-0878-45f6-abb4-dcfa89a2328f/ONYioKo9f1HUTg.png
https://M.Breloma.m0xEE.Net/media/4cf7a397-0878-45f6-abb4-dcfa89a2328f/ONYioKo9f1HUTg.png
Notices where this attachment appears
-
Embed this notice
:marseyloadingneon: m0xEE :marseyloading: (m0xee@breloma.m0xee.net)'s status on Wednesday, 10-Apr-2024 19:53:59 JST 
:marseyloadingneon: m0xEE :marseyloading:
@r000t The vulnerability has nothing to do with memory safety though — they just don't sanitize the arguments passed to cmd thoroughly enough and you can append calling other batch files to it, that's why it's Windows specific.
Personally, I doubt that it's standard library's call at all to do this :marseyshrug:
Not only Rust is affected, but every other language that has similar facilities in the standard library producing binaries that run in Windows — it's even mentioned in the article. And as you can see, for most of them the fix is to mention it in the documentation, for Java it's explicit WONTFIX even. The headline is made clickbait on purpose by Rust being mentioned IMO, no other tech news website put it that way — that is why I have failed to find a similar article on Slashdot or The Register and had to go to Bleeping Computer itself to read about it.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.