CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVE-2021-20812

CVE-2021-20812 is a cross-site scripting vulnerability in the Setting screen of Server Sync for Movable Type, affecting Movable Type 7 (r.4903 and earlier), Movable Type 6 (6.8.0 and earlier), Movable Type Advanced 7 (r.4903 and earlier), Movable Type Premium 1.44 and earlier, and Movable Type Pr...

CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

GHSA-48VQ-8JQV-GM6F Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

Data races in v9

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...

GHSA-83R8-P8V6-6GFM Slock<T> allows sending non-Send types across thread boundaries

Slock unconditionally implements Send/Sync. Affected versions of this crate allows sending non-Send types to other threads, which can lead to data races and memory corruption due to the data race...

GHSA-8892-84WF-CG8F SyncChannel<T> can move 'T: !Send' to other threads

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...

SyncChannel<T> can move 'T: !Send' to other threads

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...

Queue<T> should have a Send bound on its Send/Sync traits

Affected versions of this crate unconditionally implements Send/Sync for Queue. This allows 1 creating data races to a T: !Sync and 2 sending T: !Send to other threads, resulting in memory corruption or other undefined behavior...

Singleton lacks bounds on Send and Sync.

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

GHSA-JH2G-XHQQ-X4W9 Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>

Affected versions of this crate unconditionally implement Send/Sync for RcuCell. This allows users to send T: !Send to other threads while T enclosed within RcuCell, and allows users to concurrently access T: !Sync by using the APIs of RcuCell that provide access to &T. This can result in memory...

GHSA-XWXC-J97J-84GF Race condition in Parc

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...

MvccRwLock allows data races & aliasing violations

Affected versions of the noisesearch crate unconditionally implement Send/Sync for MvccRwLock. This can lead to data races when types that are either !Send or !Sync e.g. Rc, Arc are contained inside MvccRwLock and sent across thread boundaries. The data races can potentially lead to memory...

GHSA-RMFF-F8W9-C9RM Data races in max7301

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

GHSA-JWPH-QP5H-F9WJ Data races in bunch

An issue was discovered in the bunch crate through 2020-11-12 for Rust. Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T...

Data races in bunch

An issue was discovered in the bunch crate through 2020-11-12 for Rust. Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T...

Data races in convec

Affected versions of this crate unconditionally implement Send/Sync for ConVec. This allows users to insert T that is not Send or not Sync. This allows users to create data races by using non-Send types like Arc or Rc as T in ConVec. It is also possible to create data races by using types like Ce...

Data races in signal-simple

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...

GHSA-9J8Q-M9X5-9G6J Data races in async-coap

An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Affected versions of this crate implement Send/Sync for ArcGuard with no trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access Rc: !Sync from multiple...