{"id":"RUSTSEC-2020-0104","summary":"ImageChunkMut needs bounds on its Send and Sync traits","details":"In the affected versions of this crate, `ImageChunkMut\u003c'_, T\u003e` unconditionally implements `Send` and `Sync`, allowing to create data races.\n\nThis can result in a memory corruption or undefined behavior when non thread-safe types are moved and referenced across thread boundaries.\n\nThe flaw was corrected in commit e7fb2f5 by adding `T: Send` bound to the `Send` impl and adding `T: Sync` bound to the `Sync` impl.","aliases":["CVE-2020-36211","GHSA-xp6v-qx65-4pp7"],"modified":"2023-11-08T04:03:41.780192Z","published":"2020-12-08T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/gfwx"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0104.html"},{"type":"REPORT","url":"https://github.com/Devolutions/gfwx-rs/issues/7"}],"affected":[{"package":{"name":"gfwx","ecosystem":"crates.io","purl":"pkg:cargo/gfwx"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.3.0"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0104.json","informational":null,"cvss":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","categories":["memory-corruption","thread-safety"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}