Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dnx4-ezu6-ffdn
Vulnerability ID VCID-dnx4-ezu6-ffdn
Aliases CVE-2024-43402
Summary rust: Rust standard library did not properly escape arguments when invoking batch files on Windows using the Command API
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-43402
cvssv3.1 8.2 https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
ssvc Track https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
cvssv3.1 8.2 https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
ssvc Track https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
cvssv3.1 8.2 https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
ssvc Track https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json
https://api.first.org/data/v1/epss?cve=CVE-2024-43402
2309748 https://bugzilla.redhat.com/show_bug.cgi?id=2309748
cve-2024-24576.html https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
file-folder-name-whitespace-characters https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
GHSA-2xg3-7mm6-98jj https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/ Found at https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/ Found at https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/ Found at https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
Exploit Prediction Scoring System (EPSS)
Percentile 0.6641
EPSS Score 0.00511
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:45:27.264113+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json 38.0.0