CVE-2021-25901: Out of bounds read in lazy-init

August 25, 2021

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.

References

github.com/advisories/GHSA-w47j-hqpf-qw9w
github.com/khuey/lazy-init
github.com/khuey/lazy-init/issues/9
nvd.nist.gov/vuln/detail/CVE-2021-25901
rustsec.org/advisories/RUSTSEC-2021-0004.html

Detect and mitigate CVE-2021-25901 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →