Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4MzctODd2aC14cTN3

High EPSS: 0.00336% (0.55518 Percentile) EPSS:
Permalink JSON

Data race in v9

Affected Packages Affected Versions Fixed Versions
cargo:v9
PURL: pkg:cargo/v9
< 0.1.43 0.1.43
0 Dependent packages
0 Dependent repositories
15,091 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.37, 0.1.38, 0.1.39, 0.1.40, 0.1.41, 0.1.42

All unaffected versions

0.1.43

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef.

SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone() & T::fmt(). It is possible to create data races & undefined behavior by concurrently invoking SyncRef::clone() or SyncRef::fmt() from multiple threads with T: !Sync.

References:

Identifiers

GHSA-3837-87vh-xq3w

CVE-2020-36447

Risk

Severity

High

EPSS

EPSS Percentage: 0.00336

EPSS Percentile: 0.55518

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/purpleposeidon/v9

Date and time

Published

about 4 years ago

Updated

over 2 years ago

API

JSON