- Reported
-
- Issued
-
- Package
-
better-macro
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#rce
#proc-macro
- Aliases
-
- Details
-
https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38
- Patched
-
no patched versions
- Affected Functions
- Version
better_macro::println
-
Description
better-macro is a fake crate which is
"Proving A Point" that proc-macros can run arbitrary code. This is not a particularly
novel or interesting observation.
It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md
which doesn't appear to have any malicious content, but there's no guarantee that
will remain the case.
This crate has no useful functionality, and should not be used.