Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2NHAtanA2Ny1qcjk3
Data races in magnetic
Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types. This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race. The flaw was corrected in the 2.0.1 release by adding T: Send bound to affected Sync/Send trait implementations.
Permalink: https://github.com/advisories/GHSA-wv4p-jp67-jr97JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2NHAtanA2Ny1qcjk3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-wv4p-jp67-jr97, CVE-2020-35925
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-35925
- https://github.com/johnshaw/magnetic/issues/9
- https://rustsec.org/advisories/RUSTSEC-2020-0088.html
- https://github.com/advisories/GHSA-wv4p-jp67-jr97
Blast Radius: 0.0
Affected Packages
cargo:magnetic
Dependent packages: 0Dependent repositories: 1
Downloads: 11,192 total
Affected Version Ranges: < 2.0.1
Fixed in: 2.0.1
All affected versions: 1.0.0, 1.0.1, 1.0.2, 2.0.0
All unaffected versions: 2.0.1, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.4.1