VDB
GCVE-110-MAGEIA-2025-136
GCVE-110-MAGEIA-2025-136
Advisory Published
The Rust Security Response WG was notified that the Rust standard
library did not properly escape arguments when invoking batch files
(with the bat and cmd extensions) on Windows using the Command API. An
attacker able to control the arguments passed to the spawned process
could execute arbitrary shell commands by bypassing the escaping.
The severity of this vulnerability is critical if you are invoking batch
files on Windows with untrusted arguments. No other platform or use is
affected.
We update to rust 1.78.0 for future mesa updates in mageia 9.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | rust | 0 (affected), 1.78.0-1.mga9 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.