The latest branded and trademarked vulnerability type is called “Trojan Source”. By playing tricks
with Unicode bidirectional support, an attacker can create malicious code
that appears to be benign to reviewers. “The attack is to use
control characters embedded in comments and strings to reorder source code
characters in a way that changes its logic.” Various releases,
including Rust 1.56.1, are being made to address this problem.
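
A reviewer-side check for the technique described above, as an added example that is not from the original article or any project it mentions: it scans source text for Unicode bidirectional control characters and shows each affected line in logical order with the controls made visible. The function names, the simplified pairing logic and the sample input are assumptions constructed for illustration.

```python
# Added example: find Unicode bidirectional control characters in source text.
BIDI = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u202c": "PDF", "\u2069": "PDI",
}
# Terminator for each opener: embeddings/overrides end with PDF, isolates with PDI.
CLOSER = {"LRE": "PDF", "RLE": "PDF", "LRO": "PDF", "RLO": "PDF",
          "LRI": "PDI", "RLI": "PDI", "FSI": "PDI"}

def reveal(line):
    """Return the line in logical order with each control shown as <NAME>."""
    return "".join(f"<{BIDI[c]}>" if c in BIDI else c for c in line)

def scan(text):
    """Return one finding per line that contains bidi control characters."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        names = [BIDI[c] for c in line if c in BIDI]
        if not names:
            continue
        open_stack = []  # simplified pairing, not the full UAX #9 algorithm
        for name in names:
            if name in CLOSER:
                open_stack.append(CLOSER[name])
            elif open_stack and open_stack[-1] == name:
                open_stack.pop()
        findings.append({"line": lineno, "controls": names,
                         "unterminated": len(open_stack),
                         "revealed": reveal(line)})
    return findings

# Constructed sample input; escapes keep this file itself free of bidi controls.
SAMPLE = (
    "def check(user):\n"
    "    # note \u202e\u2066 reordered text\u2069 \u2066\n"
    "    name = 'a\u202db\u202c'\n"
    "    return user == 'admin'\n"
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: {f['controls']} unterminated={f['unterminated']}")
        print("   ", f["revealed"])
```

A non-empty result from `scan` is a reason to fail a pre-commit or CI check and read the `revealed` form of the line before merging.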