Remix.run Logo
whartung 2 days ago

It interesting that this vulnerability has not had the flag raised in the wider Lisp community, since it also applies there.

Most of the packages and modules that the Lisp systems have are shipped as source code, and compiled on site. That suggests that innocuous importing of a internet sourced module can wreak havoc on your system just by loading it, you don't even have to run it.

Granted, it's not quite the same as having something like auto-complete drain your bitcoin wallet, but it's close.

Most every other eco system you actually have to run the code itself to be worried about an exploitation (which, mind, in today's world is a low bar, but a bar nonetheless).

worthless-trash 2 days ago | parent [-]

I think you can just load (require ?) a python module and not run it and it will execute the python code.

I don't think that this is exclusive to python either.