CVE-2020-35925: Data races in magnetic

August 25, 2021 (updated June 13, 2023)

Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types. This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race. The flaw was corrected in the 2.0.1 release by adding T: Send bound to affected Sync/Send trait implementations.

References

github.com/advisories/GHSA-wv4p-jp67-jr97
github.com/johnshaw/magnetic
github.com/johnshaw/magnetic/issues/9
nvd.nist.gov/vuln/detail/CVE-2020-35925
rustsec.org/advisories/RUSTSEC-2020-0088.html

Code Behaviors & Features

Detect and mitigate CVE-2020-35925 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →