GHSA-8q64-wrfr-q48c: Data races in model

August 25, 2021

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust.

Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and care must be taken so that the testing code does not have a data race besides a race condition that is expected to be caught by the test.

Check the Rustonomicon for the difference between a data race and a general race condition.

References

github.com/advisories/GHSA-8q64-wrfr-q48c
github.com/spacejam/model
github.com/spacejam/model/issues/3
rustsec.org/advisories/RUSTSEC-2020-0140.html

Code Behaviors & Features

Detect and mitigate GHSA-8q64-wrfr-q48c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →