{"id":"RUSTSEC-2020-0101","summary":"conquer-once's OnceCell lacks Send bound for its Sync trait.","details":"Affected versions of `conquer-once` implements `Sync` for its `OnceCell` type\nwithout restricting it to `Send`able types.\n\nThis allows non-`Send` but `Sync` types such as `MutexGuard` to be sent across\nthreads leading to undefined behavior and memory corruption in concurrent\nprograms.\n\nThe issue was fixed by adding a `Send` constraint to `OnceCell`.","aliases":["CVE-2020-36208","GHSA-3jc5-5hc5-33gj"],"modified":"2023-11-08T04:03:41.598624Z","published":"2020-12-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/conquer-once"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0101.html"},{"type":"REPORT","url":"https://github.com/oliver-giersch/conquer-once/issues/3"}],"affected":[{"package":{"name":"conquer-once","ecosystem":"crates.io","purl":"pkg:cargo/conquer-once"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.3.2"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":[],"arch":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0101.json","cvss":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","informational":null,"categories":["memory-corruption","thread-safety"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}