GHSA-69vj-xx27-g45w

Source

https://github.com/advisories/GHSA-69vj-xx27-g45w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-69vj-xx27-g45w/GHSA-69vj-xx27-g45w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-69vj-xx27-g45w

Aliases

CVE-2020-36216
RUSTSEC-2020-0108

Published

2021-08-25T20:51:49Z

Modified

2023-11-08T04:03:42.027833Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Data race in eventio

Details

Input<R> implements Send without requiring R: Send.

Affected versions of this crate allows users to send non-Send types to other threads, which can lead to undefined behavior such as data race and memory corruption.

The flaw was corrected in version 0.5.1 by adding R: Send bound to the Send impl of Input<R>.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-662",
        "CWE-787"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:47:45Z"
}

References

Affected packages

crates.io / eventio

Package

Name: eventio; View open source insights on deps.dev
Purl: pkg:cargo/eventio

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.1