OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9afff95de449f4ebcda32c8464b5efe9ec23c07c
advisory-db/crates/better-macro/RUSTSEC-2021-0077.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

921 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0077"
package = "better-macro"
date = "2021-07-22"
url = "https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38"
categories = ["code-execution"]
keywords = ["rce", "proc-macro"]
aliases = ["CVE-2021-38196", "GHSA-79wf-qcqv-r22r"]

[affected]
functions = { "better_macro::println" = ["> 1.0.0"] }

[versions]
patched = []

better-macro has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation.

It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but there's no guarantee that will remain the case.

This crate has no useful functionality, and should not be used.