CVE-2021-38196 – better-macro

Package

Manager: cargo
Name: better-macro
Vulnerable Version: >=0 <=1.0.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.03365 pctl0.86878

Details

Remote code execution in better-macro An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.

Metadata

Created: 2021-08-25T20:56:00Z
Modified: 2021-08-18T21:21:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-79wf-qcqv-r22r/GHSA-79wf-qcqv-r22r.json
CWE IDs: ["CWE-78", "CWE-94"]
Alternative ID: GHSA-79wf-qcqv-r22r
Finding: F004
Auto approve: 1