CVE-2024-42029: Cpp Unquoted Std Format Command Injection
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C++ | β
greprules fetch cve-2024-42029-cpp-unquoted-std-format-command-injection --engine opengrep
Description
Construction of a shell command using `std::format` without single-quoting the formatting placeholders (`'{}'`). This may allow command injection if untrusted inputs contain shell substitution sequences like `$(...)` or backticks when evaluated by the shell.
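An added example (not the rule's own code and not code from any affected project) that contrasts the bare placeholder with the quoted `'{}'` form, and goes one step further by escaping single quotes embedded in the input, which quoting the placeholder alone does not handle. The `tar -tf` command, the function names and the simplified quote scanner are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>
#include <string_view>
#if __has_include(<version>)
#include <version>
#endif
#ifdef __cpp_lib_format
#include <format>
#define CMD(tmpl, arg) std::format(tmpl, arg)
#else  // pre-C++20 toolchain: substitute the first "{}" by hand so the example still builds
static std::string subst(std::string t, std::string_view a) {
    return t.replace(t.find("{}"), 2, a);
}
#define CMD(tmpl, arg) subst(tmpl, arg)
#endif

// Constructed commands; `name` stands for untrusted input.
std::string unquoted(std::string_view name) { return CMD("tar -tf {}", name); }         // bare placeholder
std::string single_quoted(std::string_view name) { return CMD("tar -tf '{}'", name); }  // quoted placeholder

// POSIX sh quoting: wrap in '...' and rewrite each embedded ' as '\''.
std::string shell_quote(std::string_view s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''"; else out += c;
    }
    return out + "'";
}
// The placeholder is bare here because shell_quote() supplies the quotes.
std::string escaped(std::string_view name) { return CMD("tar -tf {}", shell_quote(name)); }

// True if `$(` or a backtick sits outside single quotes in `cmd`, i.e. sh would
// evaluate it. Simplified scanner: tracks only '...' and backslash escapes.
bool substitution_reaches_shell(std::string_view cmd) {
    bool in_sq = false;
    for (std::size_t i = 0; i < cmd.size(); ++i) {
        char c = cmd[i];
        if (in_sq) { if (c == '\'') in_sq = false; continue; }
        if (c == '\\') { ++i; continue; }
        if (c == '\'') { in_sq = true; continue; }
        if (c == '`' || (c == '$' && i + 1 < cmd.size() && cmd[i + 1] == '(')) return true;
    }
    return false;
}
```

Passing arguments as an argv array to `execve` or `posix_spawn` instead of through `system()` or `popen()` avoids shell parsing altogether.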