GHSA-3837-87vh-xq3w

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 8.1

Описание

Data race in v9

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef.

SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone() & T::fmt(). It is possible to create data races & undefined behavior by concurrently invoking SyncRef::clone() or SyncRef::fmt() from multiple threads with T: !Sync.

Ссылки

Пакеты

Наименование

rust

Затронутые версииВерсия исправления

< 0.1.43

0.1.43

EPSS

Процентиль: 56%

0.00336

Низкий

8.1 High

CVSS3

CVE ID

CVE-2020-36447

Дефекты

CWE-77

Связанные уязвимости

CVE-2020-36447

CVSS3: 8.1

nvd

больше 4 лет назад

An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>.

EPSS

Процентиль: 56%

0.00336

Низкий

8.1 High

CVSS3

CVE ID

CVE-2020-36447

Дефекты

CWE-77