RUSTSEC-2020-0133
on 2020-11-15: Queue<T> should have a Send bound on its Send/Sync traits
This crate has no reviews yet. To add a review, set up your cargo-crev
.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open scottqueue
. Alternatively, you can download the tarball of scottqueue v0.1.0 or view the source online.
Affected versions of this crate unconditionally implements
Send
/Sync
forQueue<T>
.This allows (1) creating data races to a
T: !Sync
and (2) sendingT: !Send
to other threads, resulting in memory corruption or other undefined behavior.CVE-2020-36453
GHSA-gvvv-w559-2hg6