CVE-2020-35882 – rocket

Package

Manager: cargo
Name: rocket
Vulnerable Version: >=0.4.0 <0.4.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00336 pctl0.55788

Details

Data races in rocket The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.

Metadata

Created: 2021-08-25T20:48:07Z
Modified: 2023-06-13T20:48:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-8q2v-67v7-6vc6/GHSA-8q2v-67v7-6vc6.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-8q2v-67v7-6vc6
Finding: F124
Auto approve: 1