{"id":"RUSTSEC-2018-0019","summary":"Multiple memory safety issues","details":"Affected versions contain multiple memory safety issues, such as:\n\n - Unsoundly coercing immutable references to mutable references\n - Unsoundly extending lifetimes of strings\n - Adding the `Send` marker trait to objects that cannot be safely sent between threads\n\nThis may result in a variety of memory corruption scenarios, most likely use-after-free.\n \nA significant refactoring effort has been conducted to resolve these issues.","aliases":["CVE-2018-25024","CVE-2018-25025","CVE-2018-25026","GHSA-7x36-h62w-vw65","GHSA-9qj6-4rfq-vm84","GHSA-fgfm-hqjw-3265","GHSA-w65j-g6c7-g3m4"],"modified":"2024-03-15T00:05:26.941600Z","published":"2018-06-08T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/actix-web"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2018-0019.html"},{"type":"REPORT","url":"https://github.com/actix/actix-web/issues/289"}],"affected":[{"package":{"name":"actix-web","ecosystem":"crates.io","purl":"pkg:cargo/actix-web"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.7.15"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"functions":[],"os":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2018-0019.json","cvss":null,"informational":null,"categories":["memory-corruption"]}}],"schema_version":"1.7.3"}