CVE-2024-58266

Public on 2025-07-27
Modified on 2025-08-04
Description
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Severity
Low severity
Low
See what this means
CVSS v3 Base Score
3.7
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2023 amazon-efs-utils Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra aws-nitro-enclaves-cli Not Affected
Amazon Linux 2023 aws-nitro-enclaves-cli Not Affected
Amazon Linux 2023 clamav1.4 Not Affected
Amazon Linux 2023 firefox Not Affected
Amazon Linux 2023 gjs Not Affected
Amazon Linux 2023 polkit Not Affected
Amazon Linux 2 - Core rust Not Affected
Amazon Linux 2023 rust Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2024-58266 Mitre: CVE-2024-58266