RUSTSEC-2021-0077

better-macro has deliberate RCE to prove a point

Issued
Package
better-macro (crates.io)
Type
Vulnerability
Categories
  • code-execution
Details
https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38
Patched
no patched versions
Keywords
  • rce
  • proc-macro
Affected Functions
Version
better_macro::println
  • >1.0.0

Description

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This a particularly novel or interesting observation.

It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but there's no guarantee that will remain the case.

This crate has no useful functionality, and should not be used.

More