Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2aHItN2o4bS0zY3Zj
Data races in appendix
The appendix
crate implements a key-value mapping data structure called
Index<K, V>
that is stored on disk. The crate allows for any type to inhabit
the generic K
and V
type parameters and implements Send and Sync for them
unconditionally.
Using a type that is not marked as Send
or Sync
with Index
can allow it
to be used across multiple threads leading to data races. Additionally using
reference types for the keys or values will lead to the segmentation faults
in the crate's code.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2aHItN2o4bS0zY3Zj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: almost 2 years ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00117
EPSS Percentile: 0.46529
Identifiers: GHSA-fvhr-7j8m-3cvc, CVE-2020-36469
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-36469
- https://github.com/krl/appendix/issues/6
- https://rustsec.org/advisories/RUSTSEC-2020-0149.html
- https://github.com/advisories/GHSA-fvhr-7j8m-3cvc
Blast Radius: 0.0
Affected Packages
cargo:appendix
Dependent packages: 3Dependent repositories: 1
Downloads: 15,425 total
Affected Version Ranges: <= 0.2.0
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0