Code generator doesn't escape strings:
https://github.com/rustyhorde/vergen/blob/master/src/output/codegen.rs#L23
Adding quotes around the value is not sufficient - the value could contain quotes or end with a backslash, and cause the value to become arbitrary Rust source code.
With the current set of inputs I don't think it's a real vulnerability, but it does increase the risk of creating one if some more arbitrary build info was added in the future.
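
The quoting problem described in this issue, as an added example that is not vergen's code: it puts quote-only emission next to an escaped emission and checks whether each generated line is still a single string literal. The function names and sample values are hypothetical and constructed for illustration.

```rust
// Added example; emit_naive, emit_escaped and rhs_is_single_literal are
// hypothetical names, not part of vergen.

/// The pattern the issue describes: wrap the value in quotes, no escaping.
fn emit_naive(name: &str, value: &str) -> String {
    format!("pub const {}: &str = \"{}\";", name, value)
}

/// Escape the value first. `str::escape_default` escapes `"`, `\`, control
/// and non-ASCII characters using escapes valid inside a Rust string literal.
fn emit_escaped(name: &str, value: &str) -> String {
    format!("pub const {}: &str = \"{}\";", name, value.escape_default())
}

/// Minimal check: is the right-hand side exactly one string literal plus `;`?
fn rhs_is_single_literal(line: &str) -> bool {
    let rhs = match line.split_once("= ") {
        Some((_, r)) => r,
        None => return false,
    };
    let mut chars = rhs.chars();
    if chars.next() != Some('"') {
        return false;
    }
    let mut escaped = false;
    while let Some(c) = chars.next() {
        if escaped {
            escaped = false; // character after a backslash is part of the literal
            continue;
        }
        match c {
            '\\' => escaped = true,
            '"' => return chars.as_str() == ";", // nothing may follow the literal
            _ => {}
        }
    }
    false // the literal never terminated
}

fn main() {
    // Constructed sample values: an embedded quote and a trailing backslash.
    for value in ["1.2.3", "1.0\"; fn x() {} //", "C:\\build\\"] {
        let (n, e) = (emit_naive("V", value), emit_escaped("V", value));
        println!("naive   ok={} {}", rhs_is_single_literal(&n), n);
        println!("escaped ok={} {}", rhs_is_single_literal(&e), e);
    }
}
```
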