GitHub Advisory DatabaseGHSA-Q9H2-4XHF-23XXData races in im
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
12.8%
An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
Affected configurations
References
github.com/advisories/GHSA-q9h2-4xhf-23xx
github.com/bodil/im-rs/commit/0b3a7b228b0fe70446393f55c8b893f349f3f6bd
github.com/bodil/im-rs/issues/157
github.com/bodil/im-rs/pull/158
github.com/bodil/im-rs/releases/tag/v15.1.0
nvd.nist.gov/vuln/detail/CVE-2020-36204
rustsec.org/advisories/RUSTSEC-2020-0096.html
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
12.8%