GHSA-w65j-g6c7-g3m4: Multiple memory safety issues in actix-web

August 25, 2021

Affected versions contain multiple memory safety issues, such as:

Unsoundly coercing immutable references to mutable references
Unsoundly extending lifetimes of strings
Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A signficant refactoring effort has been conducted to resolve these issues.

References

github.com/actix/actix-web
github.com/actix/actix-web/issues/289
github.com/advisories/GHSA-w65j-g6c7-g3m4
rustsec.org/advisories/RUSTSEC-2018-0019.html

Code Behaviors & Features

Detect and mitigate GHSA-w65j-g6c7-g3m4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →