Affected versions of the crate had an unsound
Sync implementation on the
FuturesUnordered structure, which used a
interior mutablity without any code to handle synchronized access to the underlying task list’s length and head safely.
This could of lead to data corruption since two threads modifying the list at once could see incorrect values due to the lack
of access synchronization.
The issue was fixed by adding access synchronization code around insertion of tasks into the list.