CVE-2020-36204: Data races in im
(updated )
An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
References
- github.com/advisories/GHSA-q9h2-4xhf-23xx
- github.com/bodil/im-rs
- github.com/bodil/im-rs/commit/0b3a7b228b0fe70446393f55c8b893f349f3f6bd
- github.com/bodil/im-rs/issues/157
- github.com/bodil/im-rs/pull/158
- github.com/bodil/im-rs/releases/tag/v15.1.0
- nvd.nist.gov/vuln/detail/CVE-2020-36204
- rustsec.org/advisories/RUSTSEC-2020-0096.html
Code Behaviors & Features
Detect and mitigate CVE-2020-36204 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →