CVE-2020-35906: futures_task::waker may cause a use-after-free if used on a type that isn't 'static
Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake() was called after the original data had been dropped.
The flaw was corrected by adding a 'static lifetime bound to the data that waker takes.
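The following is an added example, not code from futures_task: a std-only sketch of an Arc-backed waker constructor that carries the 'static bound described above. The names WakeByRef, waker_from_arc, Counter and wake_after_handoff are hypothetical.

```rust
use std::mem::ManuallyDrop;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::task::{RawWaker, RawWakerVTable, Waker};
// Hypothetical stand-in for the crate's wake trait.
trait WakeByRef: Send + Sync {
    fn wake_by_ref(this: &Arc<Self>);
}
// `Waker` has no lifetime parameter, so once `W` is erased to `*const ()` the
// compiler cannot track borrows inside it. `'static` rejects such types up front.
fn waker_from_arc<W: WakeByRef + 'static>(wake: Arc<W>) -> Waker {
    let data = Arc::into_raw(wake) as *const ();
    unsafe { Waker::from_raw(RawWaker::new(data, vtable::<W>())) }
}
fn vtable<W: WakeByRef + 'static>() -> &'static RawWakerVTable {
    &RawWakerVTable::new(clone_raw::<W>, wake_raw::<W>, wake_ref_raw::<W>, drop_raw::<W>)
}
unsafe fn clone_raw<W: WakeByRef + 'static>(p: *const ()) -> RawWaker {
    unsafe { Arc::increment_strong_count(p as *const W) };
    RawWaker::new(p, vtable::<W>())
}
unsafe fn wake_raw<W: WakeByRef + 'static>(p: *const ()) {
    let arc = unsafe { Arc::from_raw(p as *const W) }; // consumes one reference
    W::wake_by_ref(&arc);
}
unsafe fn wake_ref_raw<W: WakeByRef + 'static>(p: *const ()) {
    let arc = ManuallyDrop::new(unsafe { Arc::from_raw(p as *const W) }); // borrows only
    W::wake_by_ref(&arc);
}
unsafe fn drop_raw<W: WakeByRef + 'static>(p: *const ()) {
    drop(unsafe { Arc::from_raw(p as *const W) });
}
struct Counter(AtomicUsize); // owns its data, so it satisfies 'static
impl WakeByRef for Counter {
    fn wake_by_ref(this: &Arc<Self>) { this.0.fetch_add(1, Ordering::SeqCst); }
}
// A type such as `struct Borrowing<'a>(&'a AtomicUsize)` that points at a local is
// rejected by the bound; without it, wake() after the local is dropped is the UAF.

/// Returns (wake count, remaining strong count) once every waker is gone.
fn wake_after_handoff() -> (usize, usize) {
    let observer = Arc::new(Counter(AtomicUsize::new(0)));
    let waker = waker_from_arc(observer.clone());
    let cloned = waker.clone();
    drop(waker); // the clone keeps the shared data alive
    cloned.wake_by_ref();
    cloned.wake(); // consumes the last waker
    (observer.0.load(Ordering::SeqCst), Arc::strong_count(&observer))
}
fn main() { println!("{:?}", wake_after_handoff()); }
```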