GHSA-fvhr-7j8m-3cvc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fvhr-7j8m-3cvc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-fvhr-7j8m-3cvc/GHSA-fvhr-7j8m-3cvc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fvhr-7j8m-3cvc
- Aliases
-
- CVE-2020-36469
- RUSTSEC-2020-0149
- Published
- 2021-08-25T20:57:02Z
- Modified
- 2023-11-08T04:03:46.748675Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Data races in appendix
- Details
-
The
appendixcrate implements a key-value mapping data structure calledIndex<K, V>that is stored on disk. The crate allows for any type to inhabit the genericKandVtype parameters and implements Send and Sync for them unconditionally.Using a type that is not marked as
SendorSyncwithIndexcan allow it to be used across multiple threads leading to data races. Additionally using reference types for the keys or values will lead to the segmentation faults in the crate's code. - Database specific
{ "nvd_published_at": "2021-08-08T06:15:00Z", "github_reviewed_at": "2021-08-18T20:35:37Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-362" ] }- References
Affected packages
crates.io / appendix
Package
- Name
- appendix
- View open source insights on deps.dev
- Purl
- pkg:cargo/appendix