CVE-2019-16141: Improper Input Validation in once_cell
If the initialization function panics during the first dereference of Lazy, subsequent dereferences will execute std::hint::unreachable_unchecked. Applications built with panic = "abort" are not affected, as there will be no subsequent dereferences.
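The failure mode above, as an added sketch that is not once_cell's code: a simplified single-threaded Lazy built on std::cell::OnceCell, in which a panicking initializer leaves the cell empty with the initializer already consumed, and the second dereference fails with a defined panic where the affected code reached unreachable_unchecked. The names Lazy, force_caught and failing_init, and the panic message, are assumptions of this sketch.

```rust
use std::cell::{Cell, OnceCell};
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Simplified single-threaded lazy value (sketch for this page, not once_cell's code).
pub struct Lazy<T> {
    cell: OnceCell<T>,
    init: Cell<Option<fn() -> T>>,
}

impl<T> Lazy<T> {
    pub fn new(f: fn() -> T) -> Self {
        Lazy { cell: OnceCell::new(), init: Cell::new(Some(f)) }
    }

    /// Returns the value, running the initializer on first use.
    pub fn force(&self) -> &T {
        self.cell.get_or_init(|| match self.init.take() {
            Some(f) => f(),
            // Reached when an earlier call took the initializer and it panicked:
            // the cell is still empty and `init` is None. Treating this arm as
            // unreachable is the flaw; fail with a defined panic instead.
            None => panic!("Lazy instance has previously been poisoned"),
        })
    }
}

/// Constructed initializer that always fails.
pub fn failing_init() -> u32 {
    panic!("initializer failed")
}

/// Forces `lazy`; returns the panic message, or None if a value was produced.
pub fn force_caught(lazy: &Lazy<u32>) -> Option<String> {
    let payload = catch_unwind(AssertUnwindSafe(|| *lazy.force())).err()?;
    let msg = payload
        .downcast_ref::<&str>()
        .map(|s| s.to_string())
        .or_else(|| payload.downcast_ref::<String>().cloned());
    Some(msg.unwrap_or_else(|| "non-string panic payload".to_string()))
}

fn main() {
    let lazy = Lazy::new(failing_init);
    println!("first deref:  {:?}", force_caught(&lazy));
    println!("second deref: {:?}", force_caught(&lazy));
}
```

The second dereference only happens when the first panic is caught or unwinds past a live Lazy, which is why builds with panic = "abort" never reach that arm.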
References
- github.com/advisories/GHSA-7j44-fv4x-79g9
- github.com/matklad/once_cell
- github.com/matklad/once_cell/commit/afcca95a05240ebd931ab20998c946f77ef1e284
- github.com/matklad/once_cell/issues/46
- github.com/matklad/once_cell/pull/47
- nvd.nist.gov/vuln/detail/CVE-2019-16141
- rustsec.org/advisories/RUSTSEC-2019-0017.html