CVE-2024-58266 Information

Description

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters which may facilitate command injection.

Reference

https://crates.io/crates/shlex https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 https://rustsec.org/advisories/RUSTSEC-2024-0006.html

Related CNNVD

CNNVD-202507-3435 (Published: 2025-07-27)