RUSTSEC-2020-0122: beef::Cow lacks a Sync bound on its Send trait allowing for data races
github-actions opened this issue · 0 comments
github-actions commented
beef::Cow lacks a Sync bound on its Send trait allowing for data races
| Details | |
|---|---|
| Package | beef |
| Version | 0.4.4 |
| URL | maciejhirsz/beef#37 |
| Date | 2020-10-28 |
| Patched versions | >=0.5.0 |
Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow<'_, T, U>. This allows users to create data races by making Cow contain types that are (Send && !Sync) like Cell<_> or RefCell<_>.
Such data races can lead to memory corruption.
The flaw was corrected in commit d1c7658 by adding trait bounds T: Sync and T::Owned: Send to the Send impl for Cow<'_, T, U>.
See advisory page for additional details.