IronCoreLabs / ironoxide

Rust SDK for IronCore Privacy Platform
https://docs.rs/ironoxide
GNU Affero General Public License v3.0

RUSTSEC-2022-0002: Unsoundness in `dashmap` references #255

Closed github-actions[bot] closed 2 years ago

github-actions[bot] commented 2 years ago

Unsoundness in dashmap references

| Details | |
| --- | --- |
| Package | dashmap |
| Version | 5.0.0 |
| URL | https://github.com/xacrimon/dashmap/issues/167 |
| Date | 2022-01-10 |
| Unaffected versions | <5.0.0 |

Reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.

More information in dashmap#167 issue.

See advisory page for additional details.

BobWall23 commented 2 years ago

Going to leave it just specifying "5" - unless a consumer pins to 5.0, it will get a non-vulnerable version.
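
Whether a given consumer actually ended up on the flagged release can be checked from its `Cargo.lock`. The following is an added example, not part of this thread and not ironoxide code: it reads lockfile text and reports whether `dashmap` was resolved to 5.0.0, the version in the advisory table above. The two sample lockfiles and the version `5.9.9` are constructed for illustration.

```rust
// Added example (not ironoxide code): report which version of a crate a
// Cargo.lock resolved, and whether it is the one the advisory flags.
const FLAGGED: (&str, &str) = ("dashmap", "5.0.0"); // from the advisory table

/// Parse `key = "value"` and return the value when the key matches.
fn string_value(line: &str, key: &str) -> Option<String> {
    let (k, v) = line.split_once('=')?;
    if k.trim() != key {
        return None;
    }
    Some(v.trim().strip_prefix('"')?.strip_suffix('"')?.to_string())
}

/// Every version of `name` recorded in `[[package]]` tables of the lockfile.
fn resolved_versions(lock: &str, name: &str) -> Vec<String> {
    let mut found: Vec<String> = Vec::new();
    let mut in_pkg = false;
    let mut cur_name: Option<String> = None;
    let mut cur_ver: Option<String> = None;
    // A trailing sentinel header flushes the last package table.
    for line in lock.lines().map(str::trim).chain(std::iter::once("[end]")) {
        if line.starts_with('[') {
            if in_pkg && cur_name.as_deref() == Some(name) {
                found.extend(cur_ver.take());
            }
            in_pkg = line == "[[package]]";
            cur_name = None;
            cur_ver = None;
        } else if in_pkg {
            if let Some(v) = string_value(line, "name") {
                cur_name = Some(v);
            } else if let Some(v) = string_value(line, "version") {
                cur_ver = Some(v);
            }
        }
    }
    found
}

/// True when the lockfile resolved the flagged crate to the flagged version.
fn has_flagged_version(lock: &str) -> bool {
    resolved_versions(lock, FLAGGED.0).iter().any(|v| v == FLAGGED.1)
}

// Constructed sample lockfiles (not taken from any real project).
const PINNED: &str = "[[package]]\nname = \"app\"\nversion = \"0.1.0\"\ndependencies = [\n \"dashmap\",\n]\n\n[[package]]\nname = \"dashmap\"\nversion = \"5.0.0\"\n";
const FLOATING: &str = "[[package]]\nname = \"dashmap\"\nversion = \"5.9.9\"\n\n[metadata]\n";

fn main() {
    println!("pinned consumer flagged: {}", has_flagged_version(PINNED));
    println!("floating consumer flagged: {}", has_flagged_version(FLOATING));
}
```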