The "Trojan Source" vulnerability

The latest branded and trademarked vulnerability type is called "Trojan Source". By playing tricks with Unicode bidirectional support, an attacker can create malicious code that appears to be benign to reviewers. "The attack is to use control characters embedded in comments and strings to reorder source code characters in a way that changes its logic." Various releases, including Rust 1.56.1, are being made to address this problem.

Comments (120 posted)