RUSTSEC-2021-0077

better-macro has deliberate RCE to prove a point

Issued

July 22, 2021

Package

better-macro (crates.io)

Type

Vulnerability

Categories

code-execution

Details

https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38

Patched

no patched versions

Keywords

rce
proc-macro

Affected Functions

Version

better_macro::println

>1.0.0

Description

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This a particularly novel or interesting observation.

It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but there's no guarantee that will remain the case.

This crate has no useful functionality, and should not be used.

Advisory History
Edit Advisory

Description

More