![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://programming.dev/pictrs/image/8140dda6-9512-4297-ac17-d303638c90a6.png)
This, btw, is why CVE scores are insane at times.
The vulnerability is that when spawning a new process which is a bat file you need special treatment of the arguments to avoid spawning a second process.
So you need a rust program setup to spawn other processes which also somehow forwards unparsed user input into those processes and is executing a bat file.
There’s a reason nobody has fixed this, it’s because it’s an insane setup that affects basically no rust programs.
It does not work like that.
The problem with such statements is the energy costs are nowhere near fixed. The amount of energy needed to play a song on my iPod shuffle through a wired headset is wildly different from the power needed to play that same song on my TV through my home theater equipment.
The same is true on the backend. The amount of power Google spends serving up a wildly popular band is way less than what they burn serving up an unknown Indy band’s video. That’s because the popular band’s music will have been pre-optimized by Google to save on bandwidth and computing resources. When something is popular, it’s in their best interests to reduce the computational costs (ie power consumption) associated with serving that content.