Warning
This post was published 257 days ago. The information described in this article may have changed.
The Rust team has published a new point release of Rust, 1.77.2. Rust is a programming language that is empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, getting Rust 1.77.2 is as easy as:
rustup update stable
If you don't have it already, you can get rustup
from the
appropriate page on our website.
This release includes a fix for CVE-2024-24576.
Before this release, the Rust standard library did not properly escape
arguments when invoking batch files (with the bat
and cmd
extensions) on
Windows using the Command
API. An attacker able to control the arguments
passed to the spawned process could execute arbitrary shell commands by
bypassing the escaping.
This vulnerability is CRITICAL if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected.
You can learn more about the vulnerability in the dedicated advisory.
Many people came together to create Rust 1.77.2. We couldn't have done it without all of you. Thanks!
🏷️ Rust_feed