Lucene search

GitHub Advisory DatabaseGHSA-8Q2V-67V7-6VC6

HistoryAug 25, 2021 - 8:48 p.m.

Data races in rocket

2021-08-2520:48:07

CWE-362

GitHub Advisory Database

github.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.

Affected configurations

Vulners

Node

rocket_coin_projectrocket_coinRange<0.4.5

CPENameOperatorVersion
rocketlt0.4.5

CPE	Name	Operator	Version
	rocket	lt	0.4.5

References

github.com/advisories/GHSA-8q2v-67v7-6vc6

github.com/SergioBenitez/Rocket/issues/1312

nvd.nist.gov/vuln/detail/CVE-2020-35882

rustsec.org/advisories/RUSTSEC-2020-0028.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for GHSA-8Q2V-67V7-6VC6