icon

We found results for “

WS-2020-0290

Good to know:

icon

Date: November 16, 2020

All versions before v0.7.0 of the crate 'generator' are vulnerable. The Generator type is an iterable which uses a generator function that yields values. In affected versions of the crate, the provided function yielding values had no Send bounds despite the Generator itself implementing Send. The generator function lacking a Send bound means that types that are dangerous to send across threads such as Rc could be sent as part of a generator, potentially leading to data races. This flaw was fixed in commit f7d120a3b by enforcing that the generator function be bound by Send.

Language: RUST

Severity Score

Severity Score

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

icon

Upgrade Version

Upgrade to version 0.7.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us