Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14NG1xLW03NWYtbXg4bc4AArs_

Delegate functions are missing `Send` bound

Affected versions of this crate did not require event handlers to have a `Send` bound, even though there is no guarantee that they are called on any particular thread. This can potentially lead to data races and undefined behavior.

The flaw was corrected in commit afe3252 by adding Send bounds.
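What a `Send` bound on a handler buys, shown as an added Rust example that is not code from the windows crate: `Delegate`, `raise_from_threads` and `count_events` are hypothetical names, and the worker threads stand in for an event source that may call the handler on any thread.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::{Arc, Mutex};
use std::thread;

// Hypothetical stand-in for a delegate type; NOT the windows crate's API.
// The boxed handler carries `Send`, so it may legally run on any thread.
pub struct Delegate<T> {
    handler: Arc<Mutex<Box<dyn FnMut(&T) + Send + 'static>>>,
}

impl<T: Send + Sync + 'static> Delegate<T> {
    // Because of `+ Send`, a closure that captures thread-bound state
    // (Rc, a reference to a Cell, ...) is rejected at compile time
    // instead of racing at run time.
    pub fn new<F: FnMut(&T) + Send + 'static>(f: F) -> Self {
        Delegate { handler: Arc::new(Mutex::new(Box::new(f))) }
    }

    // Models an event source raising the event from `threads` worker threads.
    pub fn raise_from_threads(&self, arg: Arc<T>, threads: usize) {
        let workers: Vec<_> = (0..threads)
            .map(|_| {
                let handler = Arc::clone(&self.handler);
                let arg = Arc::clone(&arg);
                thread::spawn(move || {
                    let mut h = handler.lock().unwrap();
                    (*h)(&*arg);
                })
            })
            .collect();
        for w in workers {
            w.join().unwrap();
        }
    }
}

// Registers a handler with thread-safe captured state and raises the event.
pub fn count_events(threads: usize) -> usize {
    let hits = Arc::new(AtomicUsize::new(0));
    let seen = Arc::clone(&hits);
    let d = Delegate::new(move |n: &usize| { seen.fetch_add(*n, Ordering::SeqCst); });
    // let rc = std::rc::Rc::new(0usize);
    // Delegate::new(move |_: &usize| println!("{}", rc));
    // ^ does not compile: `Rc<usize>` cannot be sent between threads safely.
    d.raise_from_threads(Arc::new(1usize), threads);
    hits.load(Ordering::SeqCst)
}

fn main() {
    println!("handler ran {} times", count_events(8));
}
```

Removing `+ Send` from `new` and from the boxed type would let the commented-out `Rc` handler compile, which is the class of unsound code the advisory describes.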

Permalink: https://github.com/advisories/GHSA-x4mq-m75f-mx8m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NG1xLW03NWYtbXg4bc4AArs_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-x4mq-m75f-mx8m
References: Repository: https://github.com/microsoft/windows-rs
Blast Radius: 41.1

Affected Packages

cargo:windows
Dependent packages: 547
Dependent repositories: 15,650
Downloads: 32,478,427 total
Affected Version Ranges: >= 0.1.2, < 0.32.0
Fixed in: 0.32.0
All affected versions: 0.1.2, 0.1.3, 0.1.4, 0.2.1, 0.3.1, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.15.4, 0.15.5, 0.15.6, 0.15.7, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.18.0, 0.19.0, 0.20.0, 0.20.1, 0.21.0, 0.21.1, 0.22.1, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0
All unaffected versions: 0.0.0, 0.0.1, 0.32.0, 0.33.0, 0.34.0, 0.35.0, 0.36.0, 0.36.1, 0.37.0, 0.38.0, 0.39.0, 0.40.0, 0.41.0, 0.42.0, 0.43.0, 0.44.0, 0.46.0, 0.47.0, 0.48.0, 0.51.0, 0.51.1, 0.52.0, 0.53.0, 0.54.0, 0.56.0