RUSTSEC-2020-0111

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

Reported:
Issued:
Package: may_queue (crates.io)
Type: Vulnerability
Categories:
Keywords: #concurrency
Aliases:
References:
CVSS Score: 5.9 MEDIUM
CVSS Details:
  Attack vector: Network
  Attack complexity: High
  Privileges required: None
  User interaction: None
  Scope: Unchanged
  Confidentiality: None
  Integrity: None
  Availability: High
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched: no patched versions

Description

Affected versions of may_queue implement Send/Sync for the Queue type without restricting its contents to types that are themselves Send and Sync.

This allows non-Sync types such as Cell to be shared across threads, leading to undefined behavior and memory corruption in concurrent programs.
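
The effect of the missing bound can be checked at compile time. The following is an added example, not code from may_queue or from the advisory: UnboundedQueue, BoundedQueue, Probe and the chosen bounds (T: Send for Send, T: Send + Sync for Sync) are assumptions made for illustration.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::rc::Rc;

// Hypothetical stand-ins for a pointer-based queue (not may_queue's code).
// The raw pointer suppresses the auto traits, so Send/Sync are hand-written.
#[allow(dead_code)]
pub struct UnboundedQueue<T> { head: *mut T }
// The flaw class from the advisory: no bound on T at all.
unsafe impl<T> Send for UnboundedQueue<T> {}
unsafe impl<T> Sync for UnboundedQueue<T> {}

#[allow(dead_code)]
pub struct BoundedQueue<T> { head: *mut T }
// Assumed conservative bounds: moving the queue moves its T values, and
// sharing it may both hand out &T and move T to another thread.
unsafe impl<T: Send> Send for BoundedQueue<T> {}
unsafe impl<T: Send + Sync> Sync for BoundedQueue<T> {}

// Compile-time probe: the inherent constant wins when the bound holds,
// otherwise lookup falls back to the blanket trait's `false`.
#[allow(dead_code)]
struct Probe<T: ?Sized>(PhantomData<T>);
trait Fallback { const SEND: bool = false; const SYNC: bool = false; }
impl<T: ?Sized> Fallback for T {}
impl<T: ?Sized + Send> Probe<T> { const SEND: bool = true; }
impl<T: ?Sized + Sync> Probe<T> { const SYNC: bool = true; }

macro_rules! row {
    ($t:ty) => { (stringify!($t), <Probe<$t>>::SEND, <Probe<$t>>::SYNC) };
}

/// (type, is Send, is Sync) for each queue/payload pairing.
pub fn audit() -> [(&'static str, bool, bool); 5] {
    [
        row!(UnboundedQueue<Cell<u32>>), // Cell is Send but not Sync
        row!(UnboundedQueue<Rc<u32>>),   // Rc is neither Send nor Sync
        row!(BoundedQueue<Cell<u32>>),
        row!(BoundedQueue<Rc<u32>>),
        row!(BoundedQueue<u32>),
    ]
}

fn main() {
    for (ty, send, sync) in audit() {
        println!("{}: Send={} Sync={}", ty, send, sync);
    }
}
```

With the unbounded impls the compiler accepts a queue of Cell or Rc as thread-safe; with the bounds in place the same pairings are rejected before any thread is spawned.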

Advisory available under CC0-1.0 license.