CVE-2024-58266

Опубликовано: 27 июл. 2025

Источник: nvd

CVSS3: 3.2

CVSS3: 9.8

EPSS Низкий

Описание

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

Ссылки

https://crates.io/crates/shlex
Product
https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27
Vendor Advisory
https://rustsec.org/advisories/RUSTSEC-2024-0006.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comex:shlex:*:*:*:*:*:rust:*:*

Версия до 1.2.1 (исключая)

EPSS

Процентиль: 14%

0.0006

Низкий

3.2 Low

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-116

Связанные уязвимости

CVE-2024-58266

CVSS3: 3.2

ubuntu

4 месяца назад

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

CVE-2024-58266

CVSS3: 3.2

redhat

4 месяца назад

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

CVE-2024-58266

CVSS3: 3.2

msrc

3 месяца назад

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

CVE-2024-58266

CVSS3: 3.2

debian

4 месяца назад

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped in ...

SUSE-SU-2025:03077-1

suse-cvrf

3 месяца назад

Security update for rav1e

EPSS

Процентиль: 14%

0.0006

Низкий

3.2 Low

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-116