RUSTSEC-2020-0028: rocket: `LocalRequest::clone` creates multiple mutable references to the same object

Next: RUSTSEC-2020-0017: internment: Use after free in ArcIntern::drop
Previous: RUSTSEC-2020-0018: block-cipher-trait: crate has been renamed to `block-cipher`

May 27, 2020

Description

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.

More Info

https://github.com/SergioBenitez/Rocket/issues/1312

Patched Versions

>=0.4.5

Unaffected Versions

<0.4.0