CVE-2020-35925 – magnetic

Package

Manager: cargo
Name: magnetic
Vulnerable Version: >=0 <2.0.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00054 pctl0.16661

Details

Data races in magnetic Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types. This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race. The flaw was corrected in the 2.0.1 release by adding T: Send bound to affected Sync/Send trait implementations.

Metadata

Created: 2021-08-25T20:50:05Z
Modified: 2023-06-13T18:44:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-wv4p-jp67-jr97/GHSA-wv4p-jp67-jr97.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-wv4p-jp67-jr97
Finding: F124
Auto approve: 1