CVE-2020-36204 – im

Package

Manager: cargo
Name: im
Vulnerable Version: >=12.0.0 <15.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0005 pctl0.15284

Details

Data races in im An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.

Metadata

Created: 2021-08-25T20:51:36Z
Modified: 2022-06-07T21:31:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-q9h2-4xhf-23xx/GHSA-q9h2-4xhf-23xx.json
CWE IDs: ["CWE-662"]
Alternative ID: GHSA-q9h2-4xhf-23xx
Finding: F124
Auto approve: 1