GHSA-hxw9-jxqw-jc8j

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 8.1

Описание

Data races in dces

An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore. This allows non-thread safe EntityStore and ComponentStores to be sent across threads and cause data races.

Ссылки

Пакеты

Наименование

dces

rust

Затронутые версииВерсия исправления

<= 0.3.0

Отсутствует

EPSS

Процентиль: 64%

0.00477

Низкий

8.1 High

CVSS3

CVE ID

CVE-2020-36459

Дефекты

CWE-362

CWE-77

Связанные уязвимости

CVE-2020-36459

CVSS3: 8.1

nvd

больше 4 лет назад

An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore.

EPSS

Процентиль: 64%

0.00477

Низкий

8.1 High

CVSS3

CVE ID

CVE-2020-36459

Дефекты

CWE-362

CWE-77