logo

Database

Race condition In actix-web

Description

Multiple memory safety issues in actix-web Affected versions contain multiple memory safety issues, such as:

    Unsoundly coercing immutable references to mutable references

    Unsoundly extending lifetimes of strings

    Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A signficant refactoring effort has been conducted to resolve these issues.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-w65j-g6c7-g3m4

References

1. https://github.com/actix/actix-web/issues/2892. https://rustsec.org/advisories/RUSTSEC-2018-0019.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.