A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007
This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. It is not a flaw in Red Hat products.
Vulmon