Low severityNVD Advisory· Published Jul 27, 2025· Updated Jul 28, 2025
CVE-2024-58266
CVE-2024-58266
Description
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shlexcrates.io | < 1.3.0 | 1.3.0 |
Affected products
8- ghsa-coords7 versionspkg:cargo/shlexpkg:rpm/opensuse/framework-inputmodule-control&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rav1e&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/rav1e&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/rav1e&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.1
< 1.3.0+ 6 more
- (no CPE)range: < 1.3.0
- (no CPE)range: < 0.2.0-3.1
- (no CPE)range: < 0.6.6-150600.3.6.1
- (no CPE)range: < 0.6.6-150600.3.6.1
- (no CPE)range: < 0.6.6-150600.3.6.1
- (no CPE)range: < 0.2.8+12-1.1
- (no CPE)range: < 0.2.8+12-slfo.1.1_1.1
- comex/shlexv5Range: 0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.