GHSA-3hxh-7jxm-59x4: AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket<T>
unconditionally implements Send
/Sync
traits. Therefore, users can create a data race to the inner
T: !Sync
by using the AtomicBucket::data_with()
API.
Such data races can potentially cause memory corruption or other undefined behavior.
The flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to the Send/Sync impl of struct Block<T>
(which is a data type contained inside AtomicBucket<T>
).
References
Detect and mitigate GHSA-3hxh-7jxm-59x4 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →