GHSA-xwxc-j97j-84gf: Race condition in Parc

August 25, 2021 (updated June 13, 2023)

In the affected versions of this crate, LockWeak<T> unconditionally implemented Send with no trait bounds on T. LockWeak<T> doesn’t own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races.

References

github.com/advisories/GHSA-xwxc-j97j-84gf
github.com/hyyking/rustracts/pull/6
github.com/hyyking/rustracts/tree/master/parc
rustsec.org/advisories/RUSTSEC-2020-0134.html

Detect and mitigate GHSA-xwxc-j97j-84gf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →