CNNVD-202507-3435 Information

CNNVD ID

CNNVD-202507-3435

Related CVE

CVE-2024-58266

• CNNVD Published: 2025-07-27

Description (Chinese)

shlex crate是comex个人开发者的一个Rust库。 shlex crate 1.2.1之前版本存在安全漏洞，该漏洞源于未引用的{和xa0字符可能导致命令注入。

Description (English)

Shlex Krate is a Rust bank of comex personal developers. There is a security loophole in the previous version of shlex crate 1.2.1, which originates from unquoted {and xa0 characters that may lead to command injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-07-27

Last Modified

2026-02-24

References

https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 https://rustsec.org/advisories/RUSTSEC-2024-0006.html https://crates.io/crates/shlex https://vigilance.fr/vulnerability/shlex-code-execution-via-Command-Injection-48131

Patch

https://github.com/comex/rust-shlex/tags