CVE-2021-38196

Name of the Vulnerable Software and Affected Versions: better-macro crate through 2021-07-22

Description: The issue allows remote attackers to execute arbitrary code via proc-macros. The better-macro crate has no legitimate purpose and is intended to demonstrate this capability. It opens a URL, https://github.com/raycar5/better-macro/blob/master/doc/hi.md, which currently does not contain malicious content, but its safety is not guaranteed.

Recommendations: For better-macro crate through 2021-07-22, avoid using this crate as it has no useful functionality and can pose a security risk. As a temporary workaround, consider restricting the use of proc-macros until a safer alternative is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.