CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.8%
Singleton<T>
is meant to be a static object that can be initialized lazily. In
order to satisfy the requirement that static
items must implement Sync
,
Singleton
implemented both Sync
and Send
unconditionally.
This allows for a bug where non-Sync
types such as Cell
can be used in
singletons and cause data races in concurrent programs.
The flaw was corrected in commit b0d2bd20e
by adding trait bounds, requiring
the contaiend type to implement Sync
.
Vendor | Product | Version | CPE |
---|---|---|---|
ruspiro-singleton_project | ruspiro-singleton | * | cpe:2.3:a:ruspiro-singleton_project:ruspiro-singleton:*:*:*:*:*:rust:*:* |
github.com/advisories/GHSA-fqq2-xp7m-xvm8
github.com/RusPiRo/ruspiro-singleton/commit/b0d2bd20eb40b9cbc2958b981ba2dcd9e6f9396e
github.com/RusPiRo/ruspiro-singleton/issues/10
github.com/RusPiRo/ruspiro-singleton/pull/11
nvd.nist.gov/vuln/detail/CVE-2020-36435
raw.githubusercontent.com/rustsec/advisory-db/main/crates/ruspiro-singleton/RUSTSEC-2020-0115.md
rustsec.org/advisories/RUSTSEC-2020-0115.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.8%