GHSA-x4mq-m75f-mx8m

Suggest an improvement
Source
https://github.com/advisories/GHSA-x4mq-m75f-mx8m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-x4mq-m75f-mx8m/GHSA-x4mq-m75f-mx8m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x4mq-m75f-mx8m
Aliases
Published
2022-06-17T00:30:33Z
Modified
2023-11-08T04:24:10.132668Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Delegate functions are missing `Send` bound
Details

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior.

The flaw was corrected in commit afe3252 by adding Send bounds.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-820"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T00:30:33Z"
}
References

Affected packages

crates.io / windows

Package

Name
windows
View open source insights on deps.dev
Purl
pkg:cargo/windows

Affected ranges

Type
SEMVER
Events
Introduced
0.1.2
Fixed
0.32.0