CVE-2021-38196

moderate-risk
Published 2021-08-08

An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Better-Macro

Affected Vendors

Better-Macro Project

References (4)

Third Party Advisory https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/better-macro/R...
Exploit https://rustsec.org/advisories/RUSTSEC-2021-0077.html
Third Party Advisory https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/better-macro/R...
Exploit https://rustsec.org/advisories/RUSTSEC-2021-0077.html
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal