MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3eGMtajk3ai04NGdm

High

Permalink JSON

Race condition in Parc

Affected Packages	Affected Versions	Fixed Versions
cargo:parc	<= 1.0.1	No known fixed version
1 Dependent packages 1 Dependent repositories 4,090 Downloads total Affected Version Ranges All affected versions 1.0.0, 1.0.1

In the affected versions of this crate, LockWeak<T> unconditionally implemented Send with no trait bounds on T. LockWeak<T> doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races.

References:

https://github.com/hyyking/rustracts/pull/6
https://rustsec.org/advisories/RUSTSEC-2020-0134.html
https://github.com/advisories/GHSA-xwxc-j97j-84gf

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3eGMtajk3ai04NGdm

Race condition in Parc

Affected Version Ranges

All affected versions

Identifiers

Risk

Severity

Classification

Source

Origin

Repository

Date and time

Published

Updated

API