mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-23 20:05:15 +01:00
f494f83f8e
looks like RUSTSEC-2020-0036 might be a special case, someone got a cve for that the crate is unmaintained
21 lines
731 B
Markdown
21 lines
731 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0128"
|
|
package = "cache"
|
|
date = "2020-11-24"
|
|
url = "https://github.com/krl/cache/issues/1"
|
|
categories = ["memory-corruption", "thread-safety"]
|
|
aliases = ["CVE-2020-36448"]
|
|
|
|
[versions]
|
|
patched = []
|
|
```
|
|
|
|
# Cache<K>: Send/Sync impls needs trait bounds on `K`
|
|
|
|
Affected versions of this crate unconditionally implement Send/Sync for `Cache<K>`.
|
|
This allows users to insert `K` that is not Send or not Sync.
|
|
|
|
This allows users to create data races by using non-Send types like `Arc<Cell<T>>` or `Rc<T>` as `K` in `Cache<K>`. It is also possible to create data races by using types like `Cell<T>` or `RefCell<T>` (types that are `Send` but not `Sync`).
|
|
Such data races can lead to memory corruption.
|