GHSA-mpg5-fvwp-42m2: Unsoundness in `dashmap` references

June 16, 2022

Reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.

More information in dashmap#167 issue.

References

github.com/advisories/GHSA-mpg5-fvwp-42m2
github.com/xacrimon/dashmap
github.com/xacrimon/dashmap/issues/167
rustsec.org/advisories/RUSTSEC-2022-0002.html

Code Behaviors & Features

Detect and mitigate GHSA-mpg5-fvwp-42m2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →