- Reported
-
- Issued
-
- Package
-
better-macro
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#rce
#proc-macro
- Aliases
-
- References
-
- Patched
-
no patched versions
- Affected Functions
- Version
better_macro::println-
Description
better-macro is a fake crate which is
"Proving A Point" that proc-macros can run arbitrary code. This is not a particularly
novel or interesting observation.
It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md
which doesn't appear to have any malicious content, but there's no guarantee that
will remain the case.
This crate has no useful functionality, and should not be used.
Advisory available under CC0-1.0
license.