CVE-2020-36456: Data races in toolshed

August 25, 2021

An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell, the Send trait lacks bounds on the contained type.

References

github.com/advisories/GHSA-2r6q-6c8c-g762
github.com/ratel-rust/toolshed
github.com/ratel-rust/toolshed/issues/12
nvd.nist.gov/vuln/detail/CVE-2020-36456
rustsec.org/advisories/RUSTSEC-2020-0136.html

Detect and mitigate CVE-2020-36456 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →