PT-2025-31025 · Shlex+2

Published: 2024-01-21 · Updated: 2025-10-14 · CVE-2024-58266

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

shlex crate versions prior to 1.2.1

Description

The shlex crate before version 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

Recommendations

Update the shlex crate to version 1.2.1 or later.

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

AZL-66008
AZL-66017
AZL-66029
AZL-66035
CVE-2024-58266
GHSA-286M-6PG9-V42V
GHSA-R7QV-8R2H-PG27
OPENSUSE-SU-2025:15433-1
RUSTSEC-2024-0006
SUSE-SU-2025:03077-1
SUSE-SU-2025:03092-1
SUSE-SU-2025:20717-1
SUSE-SU-2025:20858-1
SUSE-SU-2025_03077-1

Affected Products

Debian
Suse
Shlex