GHSA-gch5-hwqf-mxhp: Unsoundness in `intern` methods on `intaglio` symbol interners

July 27, 2023

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box.

References

github.com/advisories/GHSA-gch5-hwqf-mxhp
github.com/artichoke/intaglio
github.com/artichoke/intaglio/pull/236
rustsec.org/advisories/RUSTSEC-2023-0048.html

Code Behaviors & Features

Detect and mitigate GHSA-gch5-hwqf-mxhp with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →