mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

Alexander Kjäll f4a8973706 add cve info to advisories (#1099 )

* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

2021-11-06 21:37:35 +01:00

898 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0077"
package = "better-macro"
date = "2021-07-22"
url = "https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38"
categories = ["code-execution"]
keywords = ["rce", "proc-macro"]
aliases = ["CVE-2021-38196"]

[affected]
functions = { "better_macro::println" = ["> 1.0.0"] }

[versions]
patched = []

`better-macro` has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation.

It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but there's no guarantee that will remain the case.

This crate has no useful functionality, and should not be used.

898 B Raw Blame History

better-macro has deliberate RCE to prove a point

898 B

Raw Blame History

`better-macro` has deliberate RCE to prove a point