GHSA-3mv5-343c-w2qg: Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
(updated )
This advisory is also published as RUSTSEC-2023-0074.
The Ref
methods into_ref
, into_mut
, into_slice
, and into_slice_mut
are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T>
where B
is cell::Ref
or cell::RefMut
. Note that these methods remain sound when used with B
types other than cell::Ref
or cell::RefMut
.
See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.
The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.
References
Detect and mitigate GHSA-3mv5-343c-w2qg with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →