MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djctM3Y0Yy1nZjM4

High EPSS: 0.00281% (0.50979 Percentile) EPSS:

Permalink JSON

Data races in parc

Affected Packages	Affected Versions	Fixed Versions
cargo:parc	<= 1.0.1	No known fixed version
1 Dependent packages 1 Dependent repositories 4,090 Downloads total Affected Version Ranges All affected versions 1.0.0, 1.0.1

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races.

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-36454
https://github.com/hyyking/rustracts/pull/6
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/parc/RUSTSEC-2020-0134.md
https://rustsec.org/advisories/RUSTSEC-2020-0134.html
https://github.com/advisories/GHSA-29v7-3v4c-gf38

Identifiers

GHSA-29v7-3v4c-gf38

CVE-2020-36454

Risk

Severity

High

EPSS

EPSS Percentage: 0.00281

EPSS Percentile: 0.50979

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/hyyking/rustracts

Date and time

Published

almost 4 years ago

Updated

about 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories