CVE-2020-35882: Data races in rocket

August 25, 2021 (updated June 13, 2023)

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.

References

github.com/SergioBenitez/Rocket
github.com/SergioBenitez/Rocket/issues/1312
github.com/advisories/GHSA-8q2v-67v7-6vc6
nvd.nist.gov/vuln/detail/CVE-2020-35882
rustsec.org/advisories/RUSTSEC-2020-0028.html

Detect and mitigate CVE-2020-35882 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →