GHSA-pfjq-935c-4895: Data races in v9

August 25, 2021 (updated June 13, 2023)

Affected versions of this crate unconditionally implement Sync for SyncRef<T>. This definition allows data races if &T is accessible through &SyncRef.

SyncRef<T> derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone() & T::fmt(). It is possible to create data races & undefined behavior by concurrently invoking SyncRef<T>::clone() or SyncRef<T>::fmt() from multiple threads with T: !Sync.

References

github.com/advisories/GHSA-pfjq-935c-4895
github.com/purpleposeidon/v9/issues/1
rustsec.org/advisories/RUSTSEC-2020-0127.html

Detect and mitigate GHSA-pfjq-935c-4895 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →