GHSA-h6gg-fvf5-qgwf – generator

Package

Manager: cargo
Name: generator
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Data races in generator The `Generator` type is an iterable which uses a generator function that yields values. In affected versions of the crate, the provided function yielding values had no `Send` bounds despite the `Generator` itself implementing `Send`. The generator function lacking a `Send` bound means that types that are dangerous to send across threads such as `Rc` could be sent as part of a generator, potentially leading to data races. This flaw was fixed in commit [`f7d120a3b`](https://github.com/Xudong-Huang/generator-rs/commit/f7d120a3b724d06a7b623d0a4306acf8f78cb4f0) by enforcing that the generator function be bound by `Send`.

Metadata

Created: 2021-08-25T20:55:41Z
Modified: 2021-08-24T18:04:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-h6gg-fvf5-qgwf/GHSA-h6gg-fvf5-qgwf.json
CWE IDs: ["CWE-362"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0