VDB

GCVE-110-MAGEIA-2025-136

GCVE-110-MAGEIA-2025-136
Advisory Published
Vulnetix · Advisory published April 17, 2025
The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected. We update to rust 1.78.0 for future mesa updates in mageia 9.

Affected Products

VendorProductVersionsPlatforms
Mageiarust0 (affected), 1.78.0-1.mga9 (unaffected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›