CVE-2021-28031: move_elements can double-free objects on panic
(updated )
Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding.
The flaw was fixed in commit 891561bea
by removing the unsafe block and using a plain iterator.
References
Detect and mitigate CVE-2021-28031 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →