{"id":"RUSTSEC-2020-0119","summary":"ReadTicket and WriteTicket should only be sendable when T is Send","details":"Affected versions of this crate unconditionally implemented `Send` for `ReadTicket\u003cT\u003e` & `WriteTicket\u003cT\u003e`.\nThis allows to send non-Send `T` to other threads.\n\nThis can allows creating data races by cloning types with internal mutability and sending them to other threads (as `T` of `ReadTicket\u003cT\u003e`/`WriteTicket\u003cT\u003e`). Such data races can cause memory corruption or other undefined behavior.\n\nThe flaw was corrected in commit a986a93 by adding `T: Send` bounds to `Send` impls of `ReadTicket\u003cT\u003e`/`WriteTicket\u003cT\u003e`.","aliases":["CVE-2020-36439","GHSA-77m6-x95j-75r5","GHSA-gq4h-f254-7cw9"],"modified":"2023-11-08T04:03:44.903828Z","published":"2020-11-17T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/ticketed_lock"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0119.html"},{"type":"REPORT","url":"https://github.com/kvark/ticketed_lock/issues/7"}],"affected":[{"package":{"name":"ticketed_lock","ecosystem":"crates.io","purl":"pkg:cargo/ticketed_lock"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.3.0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0119.json","cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","categories":["memory-corruption","thread-safety"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}