```toml
[advisory]
id = "RUSTSEC-2021-0077"
package = "better-macro"
date = "2021-07-22"
url = "https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38"
categories = ["code-execution"]
keywords = ["rce", "proc-macro"]
aliases = ["CVE-2021-38196", "GHSA-79wf-qcqv-r22r"]

[affected]
functions = { "better_macro::println" = ["> 1.0.0"] }

[versions]
patched = []
```

# `better-macro` has deliberate RCE to prove a point

[better-macro](https://crates.io/crates/better-macro) is a fake crate which is
"Proving A Point" that proc-macros can run arbitrary code. This is not a particularly
novel or interesting observation.

It currently opens `https://github.com/raycar5/better-macro/blob/master/doc/hi.md`
which doesn't appear to have any malicious content, but there's no guarantee that
will remain the case.

This crate has no useful functionality, and should not be used.