Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djctM3Y0Yy1nZjM4
Data races in parc
In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races.
Permalink: https://github.com/advisories/GHSA-29v7-3v4c-gf38JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djctM3Y0Yy1nZjM4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 11 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-29v7-3v4c-gf38, CVE-2020-36454
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-36454
- https://github.com/hyyking/rustracts/pull/6
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/parc/RUSTSEC-2020-0134.md
- https://rustsec.org/advisories/RUSTSEC-2020-0134.html
- https://github.com/advisories/GHSA-29v7-3v4c-gf38
Blast Radius: 0.0
Affected Packages
cargo:parc
Dependent packages: 1Dependent repositories: 1
Downloads: 1,547 total
Affected Version Ranges: <= 1.0.1
No known fixed version
All affected versions: 1.0.0, 1.0.1