GHSA-x4mq-m75f-mx8m: Delegate functions are missing `Send` bound

June 17, 2022 (updated July 5, 2022)

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior.

The flaw was corrected in commit afe3252 by adding Send bounds.

References

github.com/advisories/GHSA-x4mq-m75f-mx8m
github.com/microsoft/windows-rs
github.com/microsoft/windows-rs/commit/afe32525c22209aa8f632a0f4ad607863b51796a
github.com/microsoft/windows-rs/issues/1409
rustsec.org/advisories/RUSTSEC-2022-0008.html

Code Behaviors & Features

Detect and mitigate GHSA-x4mq-m75f-mx8m with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →