OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6d6a43c6d2e3df6d6f4f3555d10980ac4b8dcfb
advisory-db/crates/actix-http/RUSTSEC-2020-0048.toml
Sergey "Shnatsel" Davidoff 17d2fd9b41 fix date for real this time
2020-09-26 21:32:13 +02:00

20 lines
710 B
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2020-0048"
package = "actix-http"
date = "2020-01-24"
title = "Use-after-free in BodyStream due to lack of pinning"
url = "https://github.com/actix/actix-web/issues/1321"
categories = ["memory-corruption"]
description = """
Affected versions of this crate did not require the buffer wrapped in `BodyStream` to be pinned,
but treated it as if it had a fixed location in memory. This may result in a use-after-free.
The flaw was corrected by making the trait `MessageBody` require `Unpin`
and making `poll_next()` function accept `Pin<&mut Self>` instead of `&mut self`.
"""
# Versions which include fixes for this vulnerability (mandatory)
[versions]
patched = [">= 2.0.0-alpha.1"]
Reference in New Issue View Git Blame Copy Permalink