Lucene search

GitHub Advisory DatabaseGHSA-9PQX-G3JH-QPQQ

HistoryMay 24, 2022 - 5:37 p.m.

Dangling reference in `access::Map` with Constant

2022-05-2417:37:21

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.8%

JSON

An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.

Affected configurations

Vulners

Node

arcarcRange<1.1.0

arcarcRange<0.4.8

CPENameOperatorVersion
arc-swaplt1.1.0
arc-swaplt0.4.8

CPE	Name	Operator	Version
	arc-swap	lt	1.1.0
	arc-swap	lt	0.4.8

References

github.com/advisories/GHSA-9pqx-g3jh-qpqq

github.com/vorner/arc-swap/issues/45

nvd.nist.gov/vuln/detail/CVE-2020-35711

rustsec.org/advisories/RUSTSEC-2020-0091.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.8%

JSON

Related for GHSA-9PQX-G3JH-QPQQ