GHSA-mxv6-q98x-h958

Suggest an improvement
Source
https://github.com/advisories/GHSA-mxv6-q98x-h958
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-mxv6-q98x-h958/GHSA-mxv6-q98x-h958.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mxv6-q98x-h958
Aliases
Published
2021-08-25T20:56:07Z
Modified
2023-11-08T04:03:46.195914Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Data races in model
Details

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust.

Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and care must be taken so that the testing code does not have a data race besides a race condition that is expected to be caught by the test.

Database specific
{
    "nvd_published_at": "2021-08-08T06:15:00Z",
    "github_reviewed_at": "2021-08-18T21:17:33Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-362",
        "CWE-843"
    ]
}
References

Affected packages

crates.io / model

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.1.2