HistoryEdit

RUSTSEC-2020-0028

LocalRequest::clone creates multiple mutable references to the same object

Issued
Package
rocket (crates.io)
Type
INFO Unsound
Aliases
Details
https://github.com/SergioBenitez/Rocket/issues/1312
CVSS Score
8.1 HIGH
CVSS Details
Attack vector
Network
Attack complexity
High
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched
  • >=0.4.5
Unaffected
  • <0.4.0
Affected Functions
Version
rocket::local::LocalRequest::clone
  • <0.4.5, >=0.4.0

Description

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.