"Trojan Source" vulnerability

Here’s some info about this vulnerability:

The Rust compiler and GHC have responded by emitting warnings when the problematic “bidirectional override” Unicode codepoints are encountered. (See Security advisory for rustc (CVE-2021-42574) | Rust Blog and Warn if unicode bidirectional formatting characters are found in the source (#20263) (!6736) · Merge requests · Glasgow Haskell Compiler / GHC · GitLab).

I haven’t actually checked whether Dhall implementations are affected, but it seems likely that they are. Maybe they should include similar mitigations as rustc and GHC do?!

2 Likes