{"id":"RUSTSEC-2020-0127","summary":"SyncRef's clone() and debug() allow data races","details":"Affected versions of this crate unconditionally implement `Sync` for `SyncRef\u003cT\u003e`.\nThis definition allows data races if `&T` is accessible through `&SyncRef`.\n\n`SyncRef\u003cT\u003e` derives `Clone` and `Debug`, and the default implementations of those traits access `&T` by invoking `T::clone()` & `T::fmt()`. It is possible to create data races & undefined behavior by concurrently invoking `SyncRef\u003cT\u003e::clone()` or `SyncRef\u003cT\u003e::fmt()` from multiple threads with `T: !Sync`.","aliases":["CVE-2020-36447","GHSA-3837-87vh-xq3w","GHSA-pfjq-935c-4895"],"modified":"2023-11-08T04:03:45.399019Z","published":"2020-12-18T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/v9"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0127.html"},{"type":"REPORT","url":"https://github.com/purpleposeidon/v9/issues/1"},{"type":"WEB","url":"https://github.com/purpleposeidon/v9/commit/18847c50e5d36561cc91c996c3539ddb1eacf6c7"}],"affected":[{"package":{"name":"v9","ecosystem":"crates.io","purl":"pkg:cargo/v9"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.1.43"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"arch":[],"os":[]}},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0127.json","categories":["memory-corruption","thread-safety"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}