GHSA-w65j-g6c7-g3m4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w65j-g6c7-g3m4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-w65j-g6c7-g3m4/GHSA-w65j-g6c7-g3m4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w65j-g6c7-g3m4
- Aliases
-
- CVE-2018-25024
- CVE-2018-25025
- CVE-2018-25026
- GHSA-7x36-h62w-vw65
- GHSA-9qj6-4rfq-vm84
- GHSA-fgfm-hqjw-3265
- RUSTSEC-2018-0019
- Published
- 2021-08-25T20:42:50Z
- Modified
- 2024-03-15T00:05:26.941600Z
- Summary
- Multiple memory safety issues in actix-web
- Details
-
Affected versions contain multiple memory safety issues, such as:
- Unsoundly coercing immutable references to mutable references
- Unsoundly extending lifetimes of strings
- Adding the
Sendmarker trait to objects that cannot be safely sent between threads
This may result in a variety of memory corruption scenarios, most likely use-after-free.
A signficant refactoring effort has been conducted to resolve these issues.
- Database specific
{ "nvd_published_at": null, "severity": "MODERATE", "github_reviewed_at": "2021-08-24T19:13:30Z", "github_reviewed": true, "cwe_ids": [ "CWE-362" ] }- References
Affected packages
crates.io / actix-web
Package
- Name
- actix-web
- View open source insights on deps.dev
- Purl
- pkg:cargo/actix-web