• Sekoia@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Also, the reason this is a CVE is because Rust itself guarantees that calling commands doesn’t evaluate shell stuff (but this breaks that guarantee). As far as I know C/C++ makes no such guarantee whatsoever.