{"id":"RUSTSEC-2023-0048","summary":"Unsoundness in `intern` methods on `intaglio` symbol interners","details":"Affected versions of this crate have a stacked borrows violation when creating\nreferences to interned contents. All interner types are affected.\n\nThe flaw was corrected in version 1.9.0 by reordering move and borrowing\noperations and storing interned contents by raw pointer instead of as a `Box`.","aliases":["GHSA-gch5-hwqf-mxhp"],"modified":"2023-11-08T04:19:27.824697Z","published":"2023-07-26T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/intaglio"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0048.html"},{"type":"WEB","url":"https://github.com/artichoke/intaglio/pull/236"},{"type":"REPORT","url":"https://github.com/artichoke/intaglio/issues/235"},{"type":"WEB","url":"https://github.com/artichoke/intaglio/releases/tag/v1.9.0"}],"affected":[{"package":{"name":"intaglio","ecosystem":"crates.io","purl":"pkg:cargo/intaglio"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.9.0"}]}],"ecosystem_specific":{"affects":{"functions":["intaglio::SymbolTable::intern","intaglio::bytes::SymbolTable::intern","intaglio::cstr::SymbolTable::intern","intaglio::osstr::SymbolTable::intern","intaglio::path::SymbolTable::intern"],"arch":[],"os":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0048.json","categories":[],"cvss":null,"informational":"unsound"}}],"schema_version":"1.7.3"}